Arbitrary SQL Command Execution in WordPress Users Plugin 1.3 and Earlier

Arbitrary SQL Command Execution in WordPress Users Plugin 1.3 and Earlier

CVE-2011-4669 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php.

Learn more about our Wordpress Pen Testing.