CVE-2014-4939

ENL Newsletter <1.0.1 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-4939. PoCs published by Anant Shrivastava.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in the ENL Newsletter WordPress plugin. The PoC provides a URL with a crafted SQL query to extract database information such as version, user, and database name.

Description

SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Anant Shrivastava · textwebappsphp

https://www.exploit-db.com/exploits/39253

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in the ENL Newsletter WordPress plugin. The PoC provides a URL with a crafted SQL query to extract database information such as version, user, and database name.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: ENL Newsletter WordPress plugin 1.0.1

No auth needed

Prerequisites: Access to the vulnerable WordPress admin page

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit x_refsource_misc

http://codevigilant.com/disclosure/wp-plugin-enl-newsletter-a1-injection/

Scores

EPSS 0.0229

EPSS Percentile 81.0%

Details

CWE

CWE-89

Status published

Products (1)

enl_newsletter_plugin_project/enl-newsletter 1.0.1

Published Jul 11, 2014

Tracked Since Feb 18, 2026