ThreatPress

WordPress Vulnerabilities Database


WordPress Related Sites Plugin 2.1 - Blind SQL Injection Vulnerability

Product
Related Sites
Description
A critical blind SQL injection vulnerability has been discovered in the WordPress plugin Related Sites. User input is not sanitized in the file BTE_RW_webajax.php (line 27), so an attacker can inject SQL through a POST request.
Solution
Update the plugin.
Classification
Type: SQL Injection
OWASP Top 10: A1: Injection
References
Exploit-DB
CVE
Name: CVE-2009-2383
Versions
Affected In: <= 2.1
Fixed In: 2.2
Disclosure date
2009-06-30
Credits
eLwaux