oss-sec mailing list archives
Re: CVE request: SQLi in FeedWordPress - WordPress plugin
From: cve-assign () mitre org
Date: Mon, 18 May 2015 18:50:59 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I discovered a SQLi in a WordPress plugin: * SQL injection vulnerability in FeedWordPress * vulnerable version: 2015.0426 * patched version: 2015.0514 * changelog: https://wordpress.org/plugins/feedwordpress/changelog/ Download Version 2015.0514 fixes a security vulnerability that was reported to me privately (thanks to Adrian M. F.) which, under other low-probability conditions, could allow for SQL insertion attacks by a malicious user with access to login credentials, which would compromise data security.
Use CVE-2015-4018. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVWmxeAAoJEKllVAevmvmsTqkH/3u2Nj6ymKh821/xE6QmzDb4 91DqYFzchK862aguT5iRkegxw1eKH+4e1UH4hAyP3sbxfeI6qiqd6BTFwyXyH+X9 e5u/OPDtXDaz+T42+TTVgrg47RTlBI1HsKBwAFgmWzNc/8m/gIW7BwRudxILeCx5 nFTgKZ9XGnUyhmerrwyQd1D4m3cE4221NM4/M7H7qlx4DmL8kGaTOr6L/scUPp5y Vw/+q7m0MH7ckIBJO8MiACAHRs5G2EQMIE4LqevyDsY36oYpxmMCzlsV1s7OaW60 XuR3BAx8BbvH23sjCw++S/rAKZZCLltIa6gZkqB4Ini74fhZisISYXB3KXQfTX4= =W440 -----END PGP SIGNATURE-----
Current thread:
- CVE request: SQLi in FeedWordPress - WordPress plugin Adrián M . F . (May 18)
- Re: CVE request: SQLi in FeedWordPress - WordPress plugin cve-assign (May 18)