WordPress Plugin Vulnerabilities

Mail Masta 1.0 - Multiple SQL Injection

Description

Multiple SQL Injection vulnerabilities in Mail Masta Plugin version 1.0 for WordPress.

The plugin is still affected and has been closed.

Proof of Concept

Affects Plugins

Plugin icon
mail-masta
No known fix

References

CVE
CVE-2017-6095
CVE
CVE-2017-6096
CVE
CVE-2017-6097
CVE
CVE-2017-6098
CVE
CVE-2017-6570
CVE
CVE-2017-6571
CVE
CVE-2017-6572
CVE
CVE-2017-6573
CVE
CVE-2017-6574
CVE
CVE-2017-6575
CVE
CVE-2017-6576
CVE
CVE-2017-6577
CVE
CVE-2017-6578
Exploitdb
41438
URL
https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Submitter
Hanley Shun
Submitter website
https://github.com/hamkovic/
Verified
No
WPVDB ID
c992d921-4f5a-403a-9482-3131c69e383a

Timeline

Publicly Published
2017-02-18 (about 9 years ago)
Added
2017-02-23 (about 9 years ago)
Last Updated
2020-12-14 (about 5 years ago)

Other

Published
Title
Published
2016-01-25
Title
Appointment Booking Calendar < 1.1.24 - Unauthenticated SQL Injection
Published
2024-10-31
Title
Market 360 Viewer <= 1.01 - Authenticated (Contributor+) SQL Injection
Published
2015-07-06
Title
Yet Another Stars Rating <= 0.9.0 - Authenticated Blind SQL Injection
Published
2014-08-01
Title
Simple Forum 2.0-2.1 - SQL Injection
Published
2015-03-31
Title
SP Project & Document Manager <= 2.5.3 - Blind SQL Injection