WordPress Vulnerabilities

WordPress <= 4.2.3 - wp_untrash_post_comments SQL Injection

Affects WordPress

3.8.1
Fixed in WordPress 3.8.10
3.8
Fixed in WordPress 3.8.10
3.7.1
Fixed in WordPress 3.7.10
3.9
Fixed in WordPress 3.9.8
3.9.1
Fixed in WordPress 3.9.8
3.7
Fixed in WordPress 3.7.10
3.8.2
Fixed in WordPress 3.8.10
3.8.3
Fixed in WordPress 3.8.10
3.9.2
Fixed in WordPress 3.9.8
4.0
Fixed in WordPress 4.0.7
4.1
Fixed in WordPress 4.1.7
4.1.1
Fixed in WordPress 4.1.7
4.2
Fixed in WordPress 4.2.4
3.9.3
Fixed in WordPress 3.9.8
4.1.2
Fixed in WordPress 4.1.7
4.2.1
Fixed in WordPress 4.2.4
4.0.1
Fixed in WordPress 4.0.7
4.1.5
Fixed in WordPress 4.1.7
4.1.4
Fixed in WordPress 4.1.7
4.1.3
Fixed in WordPress 4.1.7
3.8.4
Fixed in WordPress 3.8.10
3.7.4
Fixed in WordPress 3.7.10
4.2.3
Fixed in WordPress 4.2.4
3.8.8
Fixed in WordPress 3.8.10
3.8.5
Fixed in WordPress 3.8.10
3.8.6
Fixed in WordPress 3.8.10
3.8.7
Fixed in WordPress 3.8.10
3.7.2
Fixed in WordPress 3.7.10
3.7.3
Fixed in WordPress 3.7.10
3.7.5
Fixed in WordPress 3.7.10
3.7.6
Fixed in WordPress 3.7.10
3.7.7
Fixed in WordPress 3.7.10
3.7.8
Fixed in WordPress 3.7.10
3.7.9
Fixed in WordPress 3.7.10
3.8.9
Fixed in WordPress 3.8.10
3.9.4
Fixed in WordPress 3.9.8
3.9.5
Fixed in WordPress 3.9.8
3.9.6
Fixed in WordPress 3.9.8
3.9.7
Fixed in WordPress 3.9.8
4.0.2
Fixed in WordPress 4.0.7
4.0.3
Fixed in WordPress 4.0.7
4.0.4
Fixed in WordPress 4.0.7
4.0.5
Fixed in WordPress 4.0.7
4.0.6
Fixed in WordPress 4.0.7
4.1.6
Fixed in WordPress 4.1.7
4.2.2
Fixed in WordPress 4.2.4

References

CVE
CVE-2015-2213
URL
https://github.com/WordPress/WordPress/commit/70128fe7605cb963a46815cf91b0a5934f70eff5

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
b52728fa-c068-4098-b796-ce421f31bde5

Timeline

Publicly Published
2015-08-04 (about 10 years ago)
Added
2015-08-04 (about 10 years ago)
Last Updated
2019-10-22 (about 6 years ago)

Other

Published
Title
Published
2026-01-21
Title
Ultra Portfolio <= 6.7 - Authenticated (Subscriber+) SQL Injection
Published
2025-01-15
Title
Passwords Manager < 1.5.1 - Unauthenticated SQL Injection
Published
2024-08-01
Title
Easy Digital Downloads < 3.3.1 - Unauthenticated SQL Injection
Published
2026-05-04
Title
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder < 1.15.43 - Unauthenticated SQL Injection via 'inputs'
Published
2025-06-12
Title
WP Employee Attendance System <= 3.5 - Authenticated (Administrator+) SQL Injection