Vulnerability Description
SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wp Rss Poster Plugin Project | Wp-Rss-Poster | 1.0.0 |
Related Weaknesses (CWE)
References
- http://codevigilant.com/disclosure/wp-plugin-wp-rss-poster-a1-injection/Exploit
- http://codevigilant.com/disclosure/wp-plugin-wp-rss-poster-a1-injection/Exploit
FAQ
What is CVE-2014-4938?
CVE-2014-4938 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp...
How severe is CVE-2014-4938?
CVE-2014-4938 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4938?
Check the references section above for vendor advisories and patch information. Affected products include: Wp Rss Poster Plugin Project Wp-Rss-Poster.