WordPress Plugin Vulnerabilities

LeagueManager <= 3.9.11 - Unauthenticated SQL Injection

Description

The LeagueManager WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability.

Affects Plugins

Plugin icon
leaguemanager
No known fix

References

Exploitdb
37182
URL
https://packetstormsecurity.com/files/#132123/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
pvdl
Verified
No
WPVDB ID
f3be48f5-ae2c-4e27-80ca-664829b8fba3

Timeline

Publicly Published
2015-06-02 (about 10 years ago)
Added
2015-06-02 (about 10 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2024-04-25
Title
WooCommerce Amazon Affiliates < 14.0.31 - Unauthenticated SQL Injection
Published
2022-12-12
Title
Multimedial Images <= 1.0b - Admin+ SQLi
Published
2022-12-09
Title
WP User <= 7.0 - Unauthenticated SQLi
Published
2025-05-16
Title
CountDown Pro WP Plugin <= 2.7 - Authenticated (Contributor+) SQL Injection
Published
2025-01-03
Title
Multiple Shipping And Billing Address For Woocommerce < 1.3 - Unauthenticated SQL Injection