- WordPress is prone to an SQL injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. WordPress version 2.1.3 is vulnerable; other versions may also be affected.
- Update to WordPress version 2.2 or the latest version.
- WordPress Plugin Kama Click Counter Cross-Site Scripting (3.4.9)
- WordPress Plugin Easy PayPal Gift Certificate Multiple Vulnerabilities (1.2.3)
- WordPress Plugin WP e-Commerce-Store Toolkit Privilege Escalation (2.0.1)
- WordPress Plugin WP-SpamFree Anti-Spam Cross-Site Scripting (220.127.116.11)
- WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.8)