WordPress 1.0-3.8.1 - Authenticated Admin Blind SQL Injection



Description
The vulnerable line in question is line 230 of wp-includes/bookmark.php (in WordPress 3.8.1).

Affects WordPress

fixed in version 3.8.2

References

URL https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Original Researcher Mallory Adams
Views 5912
Verified No
WPVDB ID 5963

Timeline

Publicly Published 2014-03-17 (about 6 years ago)
Added 2014-08-01 (almost 6 years ago)
Last Updated 2020-01-03 (5 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin