WordPress Plugin Vulnerabilities

WP Symposium < 15.8 - Blind SQL Injection

Description

The wp-symposium WordPress plugin was affected by a Blind SQL Injection security vulnerability.

Affects Plugins

Plugin icon
wp-symposium
Fixed in 15.8

References

URL
https://advisories.dxw.com/advisories/blind-sql-injection-in-wp-symposium-allows-unauthenticated-attackers-to-access-sensitive-data/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
a4b7d222-2d1d-44c0-be07-b328c1a2a0d7

Timeline

Publicly Published
2015-08-10 (about 10 years ago)
Added
2015-08-10 (about 10 years ago)
Last Updated
2019-10-22 (about 6 years ago)

Other

Published
Title
Published
2026-02-27
Title
EasyCart < 5.8.14 - Authenticated (Contributor+) SQL Injection
Published
2015-04-13
Title
WordPress Video Gallery <= 2.8 - SQL Injection
Published
2014-08-01
Title
MoodThingy Widget <= 0.9.1 - Multiple SQL Injection
Published
2024-04-12
Title
User Activity Log Pro <= 2.3.4 - Authenticated (Subscriber+) SQL Injection
Published
2024-10-08
Title
Backup and Staging by WP Time Capsule < 1.22.22 - Authenticated (Contributor+) SQL Injection