WordPress Plugin Vulnerabilities

Easy Team Manager 1.3.2 - Authenticated Blind SQL Injection

Description

The easy-team-manager WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability.

Affects Plugins

Plugin icon
easy-team-manager
No known fix

References

CVE
CVE-2017-1002023
URL
https://www.openwall.com/lists/oss-security/2017/05/30/28
URL
http://www.vapidlabs.com/advisory.php?v=194

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Submitter
firefart
Submitter website
https://firefart.at/
Submitter twitter
_FireFart_
Verified
No
WPVDB ID
e76618a6-9ece-428b-a202-8dda0867f461

Timeline

Publicly Published
2017-05-31 (about 8 years ago)
Added
2017-05-31 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2018-05-27
Title
Membermouse < 2.2.9 - Blind SQL Injection
Published
2025-05-16
Title
Video Player & FullScreen Video Background <= 2.4.1 - Authenticated (Administrator+) SQL Injection
Published
2022-01-19
Title
SupportBoard < 3.4.2 - Multiple Authenticated SQLi
Published
2025-07-22
Title
WP Links Page < 5.0 - Subscriber+ SQL Injection
Published
2025-03-07
Title
WP-Recall – Registration, Profile, Commerce & More < 16.26.12 - Unauthenticated SQL Injection