Vulnerability Details CVE-2013-1408
Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 85.2%
CVSS Severity
CVSS v2 Score 6.5
References
- http://archives.neohapsis.com/archives/bugtraq/2013-02/0030.html
- http://osvdb.org/89924
- http://packetstormsecurity.com/files/120089/WordPress-Wysija-Newsletters-2.2-SQL-Injection.html
- http://www.securityfocus.com/bid/57775
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81932
- https://www.htbridge.com/advisory/HTB23140
- http://archives.neohapsis.com/archives/bugtraq/2013-02/0030.html
- http://osvdb.org/89924
- http://packetstormsecurity.com/files/120089/WordPress-Wysija-Newsletters-2.2-SQL-Injection.html
- http://www.securityfocus.com/bid/57775
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81932
- https://www.htbridge.com/advisory/HTB23140
Products affected by CVE-2013-1408
-
cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.0
-
cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.0.1
-
cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.0.2
-
cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.0.3
-
cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.0.4
-
cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.0.5
-
cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.0.6
-
cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.0.7
-
cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.0.8
-
cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.0.9
-
cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.0.9.5
-
cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.1
-
cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.1.1
-
cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.1.2
-
cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.1.3
-
cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.1.4
-
cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.1.5
-
cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.1.6
-
cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.1.7
-
cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.1.8
-
cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.1.9
-
cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.2