Vulnerability Description
SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content types" option in the content-audit page to wp-admin/options-general.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Content Audit Project | Content Audit | 1.6 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/128525/WordPress-Content-Audit-1.6-Blind-SQ (Exploit)
- http://seclists.org/fulldisclosure/2014/Oct/8 (Exploit)
- http://www.securityfocus.com/bid/70214
- https://security.dxw.com/advisories/blind-sqli-vulnerability-in-content-audit-co (Exploit)
- https://wordpress.org/plugins/content-audit/changelog
FAQ
What is CVE-2014-5389?
CVE-2014-5389 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content type...
How severe is CVE-2014-5389?
CVE-2014-5389 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-5389?
Check the references section above for vendor advisories and patch information. Affected products include: Content Audit Project Content Audit.