ThreatPress

WordPress Vulnerabilities Database

WordPress 3.1.3 - SQL Injection Vulnerabilities

Product
WordPress
Description
Because of insufficient input validation in certain WordPress functions, a user with the "Editor" role can inject arbitrary SQL commands. In this way an attacker gains access to all records stored in the database.
Solution
Update to version 3.1.4.
Classification
Type: SQL Injection
OWASP Top 10: A1: Injection
References
Exploit-DB
CVE
Name: CVE-N/A
Versions
Affected In: <= 3.1.3
Fixed In: 3.1.4
Disclosure date
2011-07-01
Credits
SEC Consult