Vulnerability Description
SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wordpress | Wordpress | <= 4.2.3 |
Related Weaknesses (CWE)
References
- http://openwall.com/lists/oss-security/2015/08/04/7
- http://www.debian.org/security/2015/dsa-3332
- http://www.debian.org/security/2015/dsa-3383
- http://www.securityfocus.com/bid/76160
- http://www.securitytracker.com/id/1033178
- https://codex.wordpress.org/Version_4.2.4PatchVendor Advisory
- https://core.trac.wordpress.org/changeset/33555Patch
- https://core.trac.wordpress.org/changeset/33556
- https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-relePatchVendor Advisory
- https://wpvulndb.com/vulnerabilities/8126
- http://openwall.com/lists/oss-security/2015/08/04/7
- http://www.debian.org/security/2015/dsa-3332
- http://www.debian.org/security/2015/dsa-3383
- http://www.securityfocus.com/bid/76160
- http://www.securitytracker.com/id/1033178
FAQ
What is CVE-2015-2213?
CVE-2015-2213 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is m...
How severe is CVE-2015-2213?
CVE-2015-2213 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2213?
Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Wordpress.