Vulnerability Description
Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Labwebdesigns | Double Opt-In For Download | <= 2.0.8 |
Related Weaknesses (CWE)
References
- http://permalink.gmane.org/gmane.comp.security.oss.general/18255 (Third Party Advisory)
- http://www.securityfocus.com/bid/78220 (Third Party Advisory, VDB Entry)
- http://www.vapidlabs.com/advisory.php?v=157 (Third Party Advisory, VDB Entry)
- https://wpvulndb.com/vulnerabilities/8345 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2015-7517?
CVE-2015-7517 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-d...
How severe is CVE-2015-7517?
CVE-2015-7517 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2015-7517?
Check the references section above for vendor advisories and patch information. Affected products include: Labwebdesigns Double Opt-In For Download.