ThreatPress

WordPress Vulnerabilities Database

Back

WordPress All In One WP Security & Firewall Plugin <= 3.8.7 - SQL Injection

Product
All In One WP Security & Firewall
Description
Because of this SQL Injection vulnerability, attackers can execute arbitrary SQL commands via unspecified vectors.
Solution
Upgrade the plugin.
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
CVE Mitre
CVE
Name CVE-2015-0894
Versions
Affected In <= 3.8.7
Fixed In 3.8.8
Disclosure date
2015-01-08