
WordPress WP-Predict Plugin 'index.php' Script Multiple SQL Injection Vulnerabilities

http://www.securityfocus.com/bid/54370

Security Info

Bugtraq ID: 54370
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Jul 10 2012 12:00AM
Updated: Jul 11 2012 11:10AM
Credit: Chris Kellum
Vulnerable:
Not Vulnerable:

Security Discussion

The WP-Predict plugin for WordPress is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

WP-Predict 1.0 is vulnerable; other versions may also be affected.

Proof of Concept and Security Exploits

Attackers can use a browser to exploit these issues.

Security Solution(s)

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: vuldb@securityfocus.com.

Site Updated May 22, 2013
©2000-2013 Emagined Security
All Rights Reserved
