CVE-2008-0682

Wordpress Wordspew < 3.71 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin before 3.72 for Wordpress allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by S@BUN · textwebappsphp

https://www.exploit-db.com/exploits/5039

View Code ZIP pw:eip

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/5039

Various Sources x_refsource_confirm

http://pierre.sudarovich.free.fr/index.php/2006/02/28/ajax-shoutbox/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/27583

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28767

Scores

EPSS 0.0074

EPSS Percentile 73.0%

Details

CWE

CWE-89

Status published

Products (39)

wordpress/wordspew 1.6

wordpress/wordspew 1.7

wordpress/wordspew 1.8

wordpress/wordspew 2.0

wordpress/wordspew 2.1

wordpress/wordspew 2.2

wordpress/wordspew 2.3

wordpress/wordspew 2.5

wordpress/wordspew 2.6

wordpress/wordspew 2.7

... and 29 more

Published Feb 12, 2008

Tracked Since Feb 18, 2026