Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2014-03-24T14:00:00
Updated: 2017-08-28T12:57:01
Reserved: 2013-01-19T00:00:00
Link: CVE-2013-1408
JSON object: View
NVD Information
Status : Modified
Published: 2014-03-24T16:43:02.003
Modified: 2017-08-29T01:33:09.357
Link: CVE-2013-1408
JSON object: View
Redhat Information
No data.
CWE