ThreatPress

WordPress Vulnerabilities Database

WordPress Apptha Video Gallery Plugin <= 2.7 - SQL Injection

Product
Apptha Video Gallery
Description
This vulnerability allows attackers to execute arbitrary SQL commands via the "vid" parameter in an rss action to wp-admin/admin-ajax.php.
Solution
Update the plugin.
Classification
Type: SQL Injection
OWASP Top 10: A1: Injection
References
CVE Mitre
CVE
Name: CVE-2015-2065
Versions
Affected In: <= 2.7
Fixed In: 2.8
Disclosure date
2015-02-24
Credits
Claudio Viviani