WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Mail Masta 1.0 - Multiple SQL Injection

Description

Multiple SQL Injection vulnerabilities in Mail Masta Plugin version 1.0 for WordPress.

The plugin is still affected and has been closed.

Proof of Concept

Please refer to: https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin

Affects Plugins

mail-masta
No known fix - plugin closed

References

CVE
CVE-2017-6095
CVE
CVE-2017-6096
CVE
CVE-2017-6097
CVE
CVE-2017-6098
CVE
CVE-2017-6570
CVE
CVE-2017-6571
CVE
CVE-2017-6572
CVE
CVE-2017-6573
CVE
CVE-2017-6574
CVE
CVE-2017-6575
CVE
CVE-2017-6576
CVE
CVE-2017-6577
CVE
CVE-2017-6578
URL
https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin
ExploitDB
41438

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter

Hanley Shun

Submitter website
https://github.com/hamkovic/
Verified

No

WPVDB ID
c992d921-4f5a-403a-9482-3131c69e383a

Timeline

Publicly Published

2017-02-18 (about 5 years ago)

Added

2017-02-23 (about 5 years ago)

Last Updated

2020-12-14 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin