ThreatPress

WordPress Vulnerabilities Database

WordPress StripShow Plugin <= 2.5.2 - SQL Injection

Product
StripShow
Description
A SQL injection vulnerability in the stripshow-storylines page allows remote authenticated administrators to execute arbitrary SQL commands via the "story" parameter in an edit action to wp-admin/admin.php.
Solution
Update the plugin to the fixed version, 2.5.3.
Classification
Type: SQL Injection
OWASP Top 10: A1: Injection
References
CVE Mitre
CVE Name: CVE-2014-5184
Versions
Affected In: <= 2.5.2
Fixed In: 2.5.3
Disclosure date
2014-08-06
Credits
Anant Shrivastava