Mail Masta 1.0 - Multiple SQL Injection



Description
Multiple SQL Injection vulnerabilities in Mail Masta Plugin version 1.0 for WordPress.

The plugin is still affected and has been closed.
Proof of Concept
Please refer to: https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin

Affects Plugin

References

CVE 2017-6095
CVE 2017-6096
CVE 2017-6097
CVE 2017-6098
CVE 2017-6570
CVE 2017-6571
CVE 2017-6572
CVE 2017-6573
CVE 2017-6574
CVE 2017-6575
CVE 2017-6576
CVE 2017-6577
CVE 2017-6578
URL https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Submitter Hanley Shun
Submitter Website https://github.com/hamkovic/
Views 5587
Verified No
WPVDB ID 8740

Timeline

Publicly Published 2017-02-18 (over 2 years ago)
Added 2017-02-23 (over 2 years ago)
Last Updated 2019-08-24 (about 2 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin