Description

SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683.

Remediation

References

CVE-2008-4625

Related Vulnerabilities

OpenSSL CVE-2021-4160 Vulnerability (CVE-2021-4160)

Zenphoto Improper Privilege Management Vulnerability (CVE-2018-0610)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-3595)

axios Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-1214)

WordPress 4.0.x Cross-Site Scripting Vulnerability (4.0 - 4.0.8)

Severity

High

Classification

CVE-2008-4625 CWE-138

Tags

Missing Update Known Vulnerabilities