Participants Database < 1.5.4.9 – Unauthenticated SQL Injection | CVE 2014-3961

Affects Plugins

participants-database

Fixed in 1.5.4.9

References

CVE

CVE-2014-3961

Exploitdb

33613

URL

https://packetstormsecurity.com/files/#126878/

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

CVSS

10.0 (critical)

Miscellaneous

Verified

No

WPVDB ID

d053b271-d6bd-4eb2-87c9-3f2484335a0b

Timeline

Publicly Published

2014-08-01 (about 11 years ago)

Added

2014-08-01 (about 11 years ago)

Last Updated

2020-12-17 (about 5 years ago)

Other

Published

Title

Published

2026-05-07

Title

wpForo Forum < 3.0.5 - Unauthenticated SQL Injection

Published

2015-07-16

Title

Plugmatter Optin Feature Box <= 2.0.13 - Unauthenticated Blind SQL Injection

Published

2025-11-14

Title

WP Project Manager < 2.6.27 - Authenticated (Subscriber+) SQL Injection via 'completed_at_operator'

Published

2024-10-15

Title

Email Verification for WooCommerce < 2.9.0 - Unauthenticated SQL Injection

Published

2026-04-16

Title

Form Maker by 10Web < 1.15.41 - Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter