CVE-2013-5673

IndiaNIC Testimonial plugin 2.2 - SQL Injection via custom_query Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-5673. PoCs published by RogueCoder.

AI-analyzed exploit summary: The exploit demonstrates multiple vulnerabilities in the Testimonial WordPress plugin (version 2.2), including XSS, CSRF, and SQL injection. It provides proof-of-concept forms to trigger these vulnerabilities via crafted input fields.

Description

SQL injection vulnerability in testimonial.php in the IndiaNIC Testimonial plugin 2.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the custom_query parameter in a testimonial_add action to wp-admin/admin-ajax.php.

Exploits (1)

exploitdb · WORKING POC
by RogueCoder · text · webapps · php
https://www.exploit-db.com/exploits/28054

Classification: Working PoC (100%)
Attack Type: XSS | SQLi | CSRF
Complexity: Trivial
Reliability: Reliable
Target: Testimonial WordPress plugin 2.2
Authentication: No auth needed
Prerequisites: Access to the target WordPress site · Plugin installed and active
Analysis: devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/96793
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Sep/5
Exploit mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2013/q3/531
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/86847
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/28054
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/62108
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-09/0006.html

Scores

EPSS: 0.0654
EPSS Percentile: 92.9%

Details

CWE: CWE-89
Status: published
Products (1): indianic/testimonial_plugin 2.2
Published: Sep 10, 2013
Tracked Since: Feb 18, 2026