oss-sec mailing list archives

Re: CVE request: SQLi in FeedWordPress - WordPress plugin


From: cve-assign () mitre org
Date: Mon, 18 May 2015 18:50:59 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I discovered a SQLi in a WordPress plugin:

* SQL injection vulnerability in FeedWordPress
* vulnerable version: 2015.0426
* patched version: 2015.0514
* changelog: https://wordpress.org/plugins/feedwordpress/changelog/

Download Version 2015.0514

fixes a security vulnerability that was reported to me privately
(thanks to Adrian M. F.) which, under other low-probability
conditions, could allow for SQL insertion attacks by a malicious user
with access to login credentials, which would compromise data
security.

Use CVE-2015-4018.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

-----END PGP SIGNATURE-----

