WordPress Plugin Vulnerabilities

Content Audit < 1.6.2 - Authenticated Blind SQL Injection

Description

The Content Audit WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability.

Affects Plugins

Plugin icon
content-audit
Fixed in 1.6.2

References

CVE
CVE-2014-5389
URL
https://packetstormsecurity.com/files/#128525/
URL
https://advisories.dxw.com/advisories/blind-sqli-vulnerability-in-content-audit-could-allow-a-privileged-attacker-to-exfiltrate-password-hashes/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
9f5e6ebd-a4cf-4b21-a7ec-d5572ac5766a

Timeline

Publicly Published
2014-10-01 (about 11 years ago)
Added
2014-10-01 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2022-01-20
Title
WordPress Download Manager < 3.2.34 - Authenticated SQL Injection to Reflected XSS
Published
2015-07-16
Title
Plugmatter Optin Feature Box <= 2.0.13 - Unauthenticated Blind SQL Injection
Published
2014-08-01
Title
Easy Contact Form Lite <= 1.0.7 - SQL Injection
Published
2021-08-04
Title
Availability Calendar < 1.2.1 - Authenticated SQL Injection
Published
2023-11-07
Title
Who Hit The Page – Hit Counter <= 1.4.14.3 - Authenticated (Administrator+) SQL Injection