WordPress Plugin Vulnerabilities

All In One WP Security & Firewall <= 3.8.7 - SQL Injection

Description

The All In One WP Security & Firewall WordPress plugin was affected by a SQL Injection security vulnerability.

Affects Plugins

Plugin icon
all-in-one-wp-security-and-firewall
Fixed in 3.8.8

References

CVE
CVE-2015-0894
URL
https://jvn.jp/en/jp/JVN30832515/index.html

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
e9ec51db-a603-4a8f-90b6-653e8a2978d8

Timeline

Publicly Published
2015-03-09 (about 9 years ago)
Added
2015-03-09 (about 9 years ago)
Last Updated
2019-10-21 (about 4 years ago)

Other

Published
Title
Published
2024-03-28
Title
ProfileGrid < 5.7.9 - Authenticated (Subscriber+) SQL Injection
Published
2022-10-04
Title
WooCommerce Products Vendor < 2.1.66 - Unauthenticated Blind SQLi
Published
2023-12-21
Title
GeoDirectory < 2.3.29 - Authenticated(Administrator+) SQL Injection
Published
2022-01-05
Title
Rearrange Woocommerce Products < 3.0.8 - Subscriber+ SQL Injection
Published
2022-12-06
Title
Build App Online < 1.0.19 - Unauthenticated SQL Injection