ThreatPress

WordPress Vulnerabilities Database

WordPress Simple:Press Plugin 4.3.0 - SQL Injection Vulnerability

Product
Simple:Press
Description
Simple:Press is a completely integrated and fully scalable forum plugin for WordPress. The vulnerability is that search values are not filtered and are inserted into SQL queries without any quotes around them. Simple:Press then executes the resulting queries.
Solution
Update the plugin.
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 4.3.0
Fixed In 4.3.1
Disclosure date
2010-07-04
Credits
ADEO Security
Submitter
ThreatPress