CVE-2013-1408

Wysija Newsletters < 2.2.1 - Authenticated SQL Injection via Search or Orderby Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-1408. PoCs published by High-Tech Bridge.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in the Wysija Newsletters WordPress plugin. The payload uses the `load_file` function to read the MySQL version and append a path, confirming the vulnerability.

Description

Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.

Exploits (1)

exploitdb WORKING POC VERIFIED

by High-Tech Bridge · textwebappsphp

https://www.exploit-db.com/exploits/38297

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in the Wysija Newsletters WordPress plugin. The payload uses the `load_file` function to read the MySQL version and append a path, confirming the vulnerability.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Wysija Newsletters Plugin for WordPress 2.2

Auth required

Prerequisites: Access to the WordPress admin panel · Wysija Newsletters plugin installed and vulnerable version in use

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Exploit x_refsource_misc

http://packetstormsecurity.com/files/120089/WordPress-Wysija-Newsletters-2.2-SQL-Injection.html

Exploit x_refsource_misc

https://www.htbridge.com/advisory/HTB23140

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/81932

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/89924

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/57775

Exploit mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2013-02/0030.html

Scores

EPSS 0.0431

EPSS Percentile 89.9%

Details

CWE

CWE-89

Status published

Products (22)

wysija_newsletters_project/wysija_newsletters 2.0

wysija_newsletters_project/wysija_newsletters 2.0.1

wysija_newsletters_project/wysija_newsletters 2.0.2

wysija_newsletters_project/wysija_newsletters 2.0.3

wysija_newsletters_project/wysija_newsletters 2.0.4

wysija_newsletters_project/wysija_newsletters 2.0.5

wysija_newsletters_project/wysija_newsletters 2.0.6

wysija_newsletters_project/wysija_newsletters 2.0.7

wysija_newsletters_project/wysija_newsletters 2.0.8

wysija_newsletters_project/wysija_newsletters 2.0.9

... and 12 more

Published Mar 24, 2014

Tracked Since Feb 18, 2026