WordPress Plugin Vulnerabilities

Wysija Newsletters 2.2 - SQL Injection

Description

The MailPoet Newsletters (Previous) WordPress plugin was affected by a SQL Injection security vulnerability.

Affects Plugins

Plugin icon
wysija-newsletters
Fixed in 2.2.1

References

CVE
CVE-2013-1408
URL
https://packetstormsecurity.com/files/#120089/
URL
https://www.immuniweb.com/advisory/HTB23140
URL
https://seclists.org/bugtraq/2013/Feb/29
URL
https://cxsecurity.com/issue/WLB-2013020039

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Verified
No
WPVDB ID
1b999799-c9d4-435b-8c49-bff21c4cfe45

Timeline

Publicly Published
2014-08-01 (about 9 years ago)
Added
2014-08-01 (about 9 years ago)
Last Updated
2019-10-21 (about 4 years ago)

Other

Published
Title
Published
2022-02-28
Title
NotificationX < 2.3.12 - Unauthenticated SQLi
Published
2021-07-24
Title
Edit Comments <= 0.3 - Unauthenticated SQL Injection
Published
2023-09-22
Title
iPanorama 360 – WordPress Virtual Tour Builder < 1.8.0 - Authenticated (Admin+) SQL injection
Published
2023-01-13
Title
Custom 404 Pro < 3.7.1 - Admin+ SQLi
Published
2014-08-01
Title
UPM-POLLS 1.0.4 - BLIND SQL injection