Double Opt-In for Download <= 2.0.8 – SQL Injection | CVE 2015-7517

Affects Plugins

double-opt-in-for-download

Fixed in 2.0.9

References

CVE

CVE-2015-7517

URL

http://www.vapidlabs.com/advisory.php?v=157

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

CVSS

9.8 (critical)

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

a42cd8d9-144a-4e80-8718-333f078326a8

Timeline

Publicly Published

2015-11-28 (about 10 years ago)

Added

2015-11-28 (about 10 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2024-09-24

Title

The Events Calendar < 6.6.4.1 - Unauthenticated SQL Injection

Published

2026-03-18

Title

Appointment Booking Calendar < 1.6.10.2 - Unauthenticated SQL Injection via 'fields' Parameter

Published

2024-11-15

Title

Blogger 301 Redirect <= 2.5.3 - Unauthenticated SQL Injection via br

Published

2022-09-21

Title

WP Custom Cursors < 3.2 - Admin+ SQLi

Published

2022-03-29

Title

5 Stars Rating Funnel < 1.2.53 - Unauthenticated SQLi