Description

SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash.

Remediation

References

CVE-2015-2213

Related Vulnerabilities

WordPress Plugin Olevmedia Shortcodes Cross-Site Scripting (1.1.8)

MySQL CVE-2021-35546 Vulnerability (CVE-2021-35546)

WordPress Plugin SyntaxHighlighter Evolved Cross-Site Scripting (3.1.5)

PHP Reliance on Cookies without Validation and Integrity Checking Vulnerability (CVE-2020-7070)

Oracle Database Server Other Vulnerability (CVE-2006-1884)

Severity

High

Classification

CVE-2015-2213 CWE-138

Tags

Missing Update Known Vulnerabilities