ThreatPress

WordPress Vulnerabilities Database

WordPress Add Edit Delete Listing Module plugin 1.0 - Blind SQL Injection vulnerability

Product
Add Edit Delete Listing Module
Description
Blind SQL Injection vulnerability found by Larry W. Cashdollar in version 1.0 of the WordPress Add Edit Delete Listing Module plugin. The plugin passes unsanitized user-supplied input via $act into an SQL statement. This vulnerability allows a user logged in as administrator to inject SQL statements into the query.
Solution
The plugin has already been removed from the WordPress plugin directory; a patched version is unavailable (2017.08.17).
Classification
Type: SQL Injection
OWASP Top 10: A1: Injection
References
Vapidlabs
CVE
Name: CVE-N/A
Versions
Affected in: 1.0
Disclosure date
2017-08-17
Credits
Larry W. Cashdollar
Submitter
ThreatPress