Auto Affiliate Links < 5.0 – Authenticated Blind SQL Injection

Affects Plugins

wp-auto-affiliate-links

Fixed in 5.0

References

URL

http://cinu.pl/research/wp-plugins/mail_7b99e11b07355f053777a04d6068f248.html

URL

http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

a3b75127-2de6-48f6-a2ab-13706677b94f

Timeline

Publicly Published

2015-07-15 (about 8 years ago)

Added

2015-11-24 (about 8 years ago)

Last Updated

2019-10-31 (about 4 years ago)

Other

Published

Title

Published

2016-04-08

Title

WP Multiple Meta Box 1.0 - Authenticated Blind SQL Injection

Published

2021-08-06

Title

Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection

Published

2017-06-04

Title

Event List <= 0.7.8 - Authenticated SQL Injection

Published

2014-08-01

Title

A Forms 1.4.0 - a-forms.php a_form_tracking_page FunctionMultiple Parameters SQL Injection

Published

2023-10-29

Title

Mail logging - WP Mail Catcher < 2.1.4 - Admin+ SQLi