WordPress Plugin Vulnerabilities

Capability Manager Enhanced <= 1.5.8 - Authenticated SQLi

Description

The PublishPress Capabilities: Manage WordPress Permissions and Edit User Roles WordPress plugin was affected by an Authenticated SQLi security vulnerability.

Affects Plugins

capability-manager-enhanced

Fixed in version 1.5.9

References

URL

https://plugins.trac.wordpress.org/changeset/1912433

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Verified

WPVDB ID

7a06a861-4262-406c-9156-dfa7d2966678

Timeline

Publicly Published

2018-09-25 (about 3 years ago)

Added

2019-07-18 (about 3 years ago)

Last Updated

2019-07-18 (about 3 years ago)

Our Other Services

WPScan WordPress Security Plugin