Wordspew Plugin for Wordpress
Written by Rebecca Mints
Monday, 04 February 2008 02:15

Wordspew Plugin for Wordpress "id" SQL Injection Vulnerability

S@BUN has reported a vulnerability in the Wordspew plugin for Wordpress, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the parameter "id" in wordspew-rss.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution: Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by: S@BUN

Original Advisory: http://milw0rm.com/exploits/5039

Critical: Moderately critical (Elevated)
Impact: Manipulation of data
Where: From remote
Software: Wordspew (plugin for Wordpress) 3.x
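The advisory does not show the plugin's code, so the following is an added illustration, not the Wordspew source: a minimal handler in the shape of wordspew-rss.php, first with the defect the advisory describes (the "id" request parameter flowing straight into SQL) and then hardened the WordPress way. The table name wordspew and the two function names are hypothetical; the block assumes WordPress is loaded so that $wpdb, absint() and wp_die() exist.

```php
<?php
// Added illustration, not the Wordspew plugin's own code. Table and column
// names are hypothetical. Assumes WordPress is loaded ($wpdb, absint, wp_die).

// Vulnerable shape: untrusted request input is concatenated into the query
// text, so whatever the client sends becomes part of the SQL statement.
function wordspew_rss_vulnerable() {
    global $wpdb;
    $id  = $_GET['id'];                                          // untrusted
    $sql = "SELECT * FROM {$wpdb->prefix}wordspew WHERE id = " . $id;
    return $wpdb->get_results( $sql );                           // injectable
}

// Hardened shape: validate the type, then bind the value with prepare().
function wordspew_rss_fixed() {
    global $wpdb;

    // 1. The id is expected to be a positive integer. Reject anything else
    //    before it reaches the database: 'abc', '1 OR 1=1' and '' all fail.
    if ( ! isset( $_GET['id'] ) || ! ctype_digit( (string) $_GET['id'] ) ) {
        wp_die( 'Invalid id', 'Bad Request', array( 'response' => 400 ) );
    }
    $id = absint( $_GET['id'] );

    // 2. Even with a validated integer, go through $wpdb->prepare(): the %d
    //    placeholder casts to an integer and the value never becomes part of
    //    the SQL text, so a later loosening of step 1 cannot reintroduce
    //    injection.
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}wordspew WHERE id = %d",
        $id
    );
    return $wpdb->get_results( $sql );
}
```

When reviewing a plugin for this class of bug, grep for `$_GET`, `$_POST` or `$_REQUEST` values that reach `$wpdb->query()`/`get_results()` without passing through `prepare()` or an integer cast; the vulnerable function above is the pattern to look for.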