02 Mar 2015
CVE-2015-2199 Vulnerability
Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php. (CVSS:6.5) (Last Update:2015-03-04)
Vulnerability Details : (1 public exploit) Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php. Publish Date : 2015-03-03 Last Update Date : 2015-03-04 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2015-2199
- Number Of Affected Versions By Product
- References For CVE-2015-2199
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2015-2199There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |