Description
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.
Exploits (1)
exploitdb
WORKING POC
by Yarubo Research Team · text · webapps · php
https://www.exploit-db.com/exploits/33613
References (7)
Core References
Exploit x_refsource_misc
http://packetstormsecurity.com/files/126878/WordPress-Participants-Database-1.5.4.8-SQL-Injection.html
Exploit, URL Repurposed x_refsource_misc
https://www.yarubo.com/advisories/1
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/33613
Patch x_refsource_confirm
https://wordpress.org/plugins/participants-database/changelog
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Jun/0
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/107626
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67769
Scores
EPSS: 0.0593
EPSS Percentile: 90.7%
Details
CWE: CWE-89
Status: published
Products (9)
xnau/participants_database 1.5.4
xnau/participants_database 1.5.4.1
xnau/participants_database 1.5.4.2
xnau/participants_database 1.5.4.3
xnau/participants_database 1.5.4.4
xnau/participants_database 1.5.4.5
xnau/participants_database 1.5.4.6
xnau/participants_database 1.5.4.7
xnau/participants_database < 1.5.4.8
Published: Jun 04, 2014
Tracked Since: Feb 18, 2026