CVE-2014-5182
Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php.
Severity
N/A
EPSS
Exploitation probability (next 30 days): 0.0371 (3.7%)
Percentile: 88.0%
EPSS: 2026-05-06
Affects
ostenta:yawpp
Technical description
Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php.
Published: 6/8/2014, 19:55:04
Last modified: 6/5/2026, 22:30:45
References
- http://codevigilant.com/disclosure/wp-plugin-yawpp-a1-injection
- http://wordpress.org/plugins/yawpp/changelog/
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=834445%40yawpp&old=824042%40yawpp&sfp_email=&sfph_mail=#file36