QwikSec

Security Database

CVE

CWE

Training

CVE-2015-4018

Published: May 21, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action in the syndication.php page to wp-admin/admin.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://wordpress.org/plugins/feedwordpress/changelog/

x_refsource_CONFIRM

exploit

x_refsource_EXPLOIT-DB

20150519 SQLi in FeedWordPress WordPress plugin

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/131974/WordPress-FeedWordPress-2015.0426-SQL-Injection.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.