CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Wysija Newsletters Project: Security Vulnerabilities

CVE-2013-1408

Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.

CVSS Score

6.5

EPSS Score

0.026

Published

2014-03-24

Page 1

Vulnerabilities

Vulnerable Software

Wysija Newsletters Project: Security Vulnerabilities

Products

Pricing

Contact Us