SQL Injection Vulnerabilities in Yawpp Plugin 1.2 for WordPress

SQL Injection Vulnerabilities in Yawpp Plugin 1.2 for WordPress

CVE-2014-5182 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php.

Learn more about our Wordpress Pen Testing.