WordPress Plugin Vulnerabilities

WordPress Video Gallery <= 2.8 - SQL Injection

Description

Note: The vendor patched the issue but did not change the version number. Using fixed in version 2.8.1 for detection reasons although in reality this version does not exist at the time of writing.

Proof of Concept

Affects Plugins

Plugin icon
contus-video-gallery
Fixed in 2.8.1

References

URL
https://packetstormsecurity.com/files/#131418/
URL
https://www.homelab.it/index.php/2015/04/13/wordpress-video-gallery-2-8-sql-injection-vulnerability/
URL
https://plugins.trac.wordpress.org/changeset/1129320/contus-video-gallery

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
b625aee5-8fd1-4f3e-9a9c-d41bdec13243

Timeline

Publicly Published
2015-04-13 (about 10 years ago)
Added
2015-04-14 (about 10 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2019-09-10
Title
SlickQuiz <= 1.3.7.1 - Authenticated SQL Injection
Published
2012-08-28
Title
Plugin HD Webplayer <= 1.1 - SQL Injections
Published
2021-11-22
Title
WCFM - WooCommerce Multivendor Marketplace < 3.4.12 - Unauthenticated SQL Injection
Published
2014-08-01
Title
Spider Calendar 1.0.1 - spidercalendarbig_seemore.php calendar_id Parameter SQL Injection
Published
2015-03-09
Title
All In One WP Security & Firewall <= 3.8.7 - SQL Injection