CVE-2014-5182

Ostenta Yawpp - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php.

Exploits (1)

github WORKING POC 3 stars

by certuscyber · pythonpoc

https://github.com/certuscyber/cve-pocs/tree/main/CVE-2014-5182

View Code ZIP pw:eip

References (3)

[Exploit] http://codevigilant.com/disclosure/wp-plugin-yawpp-a1-injection

[Patch] http://wordpress.org/plugins/yawpp/changelog/

[Exploit, Patch] https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=834445%40yawpp&old=824042%40yawpp&sfp_email=&sfph_mail=#file36

Scores

EPSS 0.0371

EPSS Percentile 88.0%

Details

CWE

CWE-89

Status published

Products (1)

ostenta/yawpp 1.2

Published Aug 06, 2014

Tracked Since Feb 18, 2026