WordPress Plugin Vulnerabilities

WordPress Video Player < 1.5.18 - Multiple Authenticated Blind SQL Injection

Description

The SpiderVPlayer WordPress plugin was affected by a Multiple Authenticated Blind SQL Injection security vulnerability.

Affects Plugins

Plugin icon
player
Fixed in 1.5.18

References

Exploitdb
40137
URL
https://sumofpwn.nl/advisory/2016/multiple_sql_injection_vulnerabilities_in_wordpress_video_player.html
URL
https://seclists.org/fulldisclosure/2016/Jul/56
URL
https://plugins.trac.wordpress.org/changeset/1456795/player

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
da93ee31-4923-42e6-b6ac-cf0ade537a85

Timeline

Publicly Published
2016-07-19 (about 9 years ago)
Added
2016-07-20 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2022-12-09
Title
LetsRecover < 1.2.0 - Admin+ SQLi
Published
2023-01-31
Title
WP Statistics < 13.2.11 - Subscriber+ SQLi
Published
2023-06-23
Title
MStore API < 3.9.8 - Unauthenticated SQL Injection
Published
2014-08-01
Title
WordPress <= 1.5.1.1 - SQL Injection
Published
2020-09-06
Title
Advanced Database Cleaner < 3.0.2 - Authenticated SQL injection