WordPress Plugin Vulnerabilities

WonderPlugin Audio Player 2.0 - Blind SQL Injection & XSS

Description

The wonderplugin-audio WordPress plugin was affected by a Blind SQL Injection & XSS security vulnerability.

Affects Plugins

Plugin icon
wonderplugin-audio
Fixed in 2.1

References

CVE
CVE-2015-2199
CVE
CVE-2015-2218
Exploitdb
36086
URL
https://security.szurek.pl/wonderplugin-audio-player-20-blind-sql-injection-and-xss.html

Miscellaneous

Submitter
Kacper Szurek
Submitter website
http://security.szurek.pl/
Submitter twitter
KacperSzurek
Verified
No
WPVDB ID
7d3d8ac1-23d5-49da-aed1-92e4394effb8

Timeline

Publicly Published
2015-02-19 (about 11 years ago)
Added
2015-02-19 (about 11 years ago)
Last Updated
2020-10-25 (about 5 years ago)

Other

Published
Title
Published
2017-01-10
Title
Responsive Poll 1.6.4,1.7.4 - Cross-Site Scripting (XSS) & CSRF
Published
2015-07-25
Title
Unite Gallery Lite < 1.5 - CSRF & Authenticated SQL Injection
Published
2017-03-01
Title
Contact Form Manager < 1.4.4 - CSRF & Cross-Site Scripting (XSS)
Published
2019-05-06
Title
W3 Total Cache < 0.9.7.4 - Blind SSRF and RCE via phar
Published
2015-05-02
Title
Ad Inserter 1.5.2 - CSRF & XSS