ThreatPress

WordPress Vulnerabilities Database


WordPress Cart66 Lite Plugin <= 1.5.3 - SQL Injection

Product: Cart66 Lite
Description: Allows authenticated users to execute arbitrary SQL commands via the "q" parameter of a promotionProductSearch action sent to wp-admin/admin-ajax.php. Because the action is served through admin-ajax.php, any logged-in WordPress account can reach it unless the handler enforces a capability check, so a low-privilege account is sufficient.
Solution: Update to Cart66 Lite 1.5.4 or later.
Classification:
Type: SQL Injection
OWASP Top 10: A1 Injection
References:
CVE: CVE-2014-9442 (MITRE)
Versions:
Affected In: <= 1.5.3
Fixed In: 1.5.4
Disclosure date: 2015-01-02
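The following is an added illustration of the bug class described above and of the fix a WordPress plugin author would apply; it is not Cart66's code and does not reproduce the plugin's actual handler. The function names, the `example_` action prefix and the nonce action name are hypothetical; the WordPress APIs it relies on (`$wpdb->prepare`, `$wpdb->esc_like`, `check_ajax_referer`, `current_user_can`, `wp_send_json_*`) are real and need WordPress 4.0 or later. The vulnerable function is shown only for contrast and is deliberately not hooked to any action.

```php
<?php
/*
 * Plugin Name: Promotion product search (added example, not Cart66 code)
 * Description: Vulnerable vs. hardened wp_ajax handler for a LIKE search.
 * Install on a test site as wp-content/mu-plugins/promo-search-example.php.
 */

// VULNERABLE pattern (hypothetical reconstruction of the bug class):
// the "q" POST parameter is interpolated straight into the LIKE clause.
// Any logged-in user can call wp_ajax_* actions through admin-ajax.php,
// and nothing here checks a capability or a nonce.
function example_vulnerable_promotion_product_search() {
    global $wpdb;
    $q   = isset( $_POST['q'] ) ? wp_unslash( $_POST['q'] ) : '';
    $sql = "SELECT ID, post_title FROM {$wpdb->posts}
            WHERE post_type = 'product' AND post_title LIKE '%{$q}%'";
    // A request such as
    //   curl -b 'wordpress_logged_in_...=<cookie>' \
    //     -d "action=example_promotionProductSearch" \
    //     --data-urlencode "q=' UNION SELECT user_login, user_pass FROM {$wpdb->users} -- " \
    //     https://example.test/wp-admin/admin-ajax.php
    // turns the search into a dump of password hashes.
    wp_send_json( $wpdb->get_results( $sql ) ); // wp_send_json() exits.
}

// HARDENED handler: authorization, CSRF protection, and a prepared statement.
function example_hardened_promotion_product_search() {
    global $wpdb;

    // 1. Authorization: admin-ajax.php is reachable by every logged-in user,
    //    so require the capability the feature actually needs.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 2. CSRF: verify the nonce the calling page was issued.
    //    ("example_promo_search" is an assumed nonce action name.)
    check_ajax_referer( 'example_promo_search', 'nonce' );

    // 3. Injection: escape LIKE wildcards in the user value, then bind it
    //    through $wpdb->prepare() so it can never change the query structure.
    $q    = isset( $_POST['q'] ) ? sanitize_text_field( wp_unslash( $_POST['q'] ) ) : '';
    $like = '%' . $wpdb->esc_like( $q ) . '%';
    $sql  = $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts}
         WHERE post_type = %s AND post_title LIKE %s LIMIT %d",
        'product',
        $like,
        20
    );

    wp_send_json_success( $wpdb->get_results( $sql ) );
}

// Only the hardened handler is registered. The hook name is
// "wp_ajax_" + the "action" POST parameter; there is intentionally no
// wp_ajax_nopriv_ hook, so unauthenticated requests are rejected by core.
add_action( 'wp_ajax_example_promotionProductSearch', 'example_hardened_promotion_product_search' );
```

When reviewing an upgrade, the check that matters is whether the fixed handler binds `q` through `$wpdb->prepare()` (with `$wpdb->esc_like()` for LIKE patterns) rather than merely filtering characters; escaping alone still leaves the query structure under the caller's control if a later refactor drops the escaping.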