WordPress 2.3.0-4.7.4 - Authenticated SQL injection
| Description | Due bad solution of the database abstraction library WordPress exposes itself towards SQL Injection and validation bypass. Beside WordPress itself this issue have huge impact towards complete WP ecosystem. Up to WordPress 4.8.1 is vulnerable, but this time attack is dependent from another plugins / themes / setup. |
Affects WordPresses
|
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
fixed in version 4.7.5
|
References
Classification
| Type | SQLI |
| OWASP Top 10 | A1: Injection |
| CWE | CWE-89 |
Miscellaneous
| Submitter | Slavco |
| Submitter Website | https://medium.com/websec |
| Submitter Twitter | mslavco |
| Views | 14433 |
| Verified | No |
| WPVDB ID | 8906 |
Timeline
| Publicly Published | 2017-08-24 (about 2 years ago) |
| Added | 2017-09-20 (about 2 years ago) |
| Last Updated | 2018-08-29 (about 1 year ago) |
Our Other Services
| Online WordPress Vulnerability Scanner | WPScan WordPress Security Plugin |
