WordPress Plugin Vulnerabilities

All In One WP Security plugin 3.8.2 - 2xSQL Injections

Description

The All In One WP Security & Firewall WordPress plugin was affected by a 2xSQL Injections security vulnerability.

Affects Plugins

Plugin icon
all-in-one-wp-security-and-firewall
Fixed in 3.8.3

References

CVE
CVE-2014-6242
URL
https://www.securityfocus.com/archive/1/533519
URL
https://www.immuniweb.com/advisory/HTB23231

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
5398c513-15c7-40ef-8e77-ddcb73174956

Timeline

Publicly Published
2014-09-26 (about 9 years ago)
Added
2014-09-26 (about 9 years ago)
Last Updated
2019-10-21 (about 4 years ago)

Other

Published
Title
Published
2023-04-05
Title
Slimstat Analytics < 4.9.4 - Subscriber+ SQL Injection
Published
2017-08-24
Title
WordPress 2.3.0-4.7.4 - Authenticated SQL injection
Published
2014-08-01
Title
fGallery 2.4.1 - fimrss.php SQL Injection
Published
2014-08-01
Title
Link Library 5.1.6 - link-library-ajax.php Multiple Parameter SQL Injection
Published
2017-09-02
Title
SQL Shortcode <= 1.1 - Authenticated SQL Execution