WordPress Plugin Vulnerabilities

WP Symposium < 15.4 - SQL Injection

Description

The wp-symposium WordPress plugin was affected by a SQL Injection security vulnerability.

Affects Plugins

Plugin icon
wp-symposium
Fixed in 15.4

References

CVE
CVE-2015-3325
Exploitdb
37080
URL
https://packetstormsecurity.com/files/#131801/
URL
https://web.archive.org/web/20150718010246/https://permalink.gmane.org/gmane.comp.security.oss.general/16479

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
cb30bfcd-58ae-4210-bc6c-6d898c9e446c

Timeline

Publicly Published
2015-04-14 (about 11 years ago)
Added
2015-04-14 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2021-12-24
Title
Advanced Custom Fields: Extended < 0.8.8.7 - Admin+ SQL Injection
Published
2022-08-29
Title
Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi
Published
2025-02-23
Title
Wishlist < 1.0.42 - Authenticated (Contributor+) SQL Injection
Published
2014-08-01
Title
Ajax Gallery <= 3.0 - SQL Injection
Published
2023-10-30
Title
Up down image slideshow gallery < 12.1 - Authenticated (Subscriber+) SQL Injection via Shortcode