CVE-2014-5189

Lead Octopus - SQL Injection via id Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-5189. PoCs published by Amirh03in.

AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in the Lead Octopus Power plugin for WordPress, where unsanitized user input in the 'id' parameter can be exploited to manipulate SQL queries. No actual exploit code is present, only a description and a sample URL.

Description

SQL injection vulnerability in lib/optin/optin_page.php in the Lead Octopus plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Amirh03in · textwebappsphp
https://www.exploit-db.com/exploits/39269

The provided text describes an SQL injection vulnerability in the Lead Octopus Power plugin for WordPress, where unsanitized user input in the 'id' parameter can be exploited to manipulate SQL queries. No actual exploit code is present, only a description and a sample URL.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Lead Octopus Power plugin for WordPress
No auth needed
Prerequisites: WordPress installation with Lead Octopus Power plugin
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/109642
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/68934
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/94912

Scores

EPSS 0.0459
EPSS Percentile 90.4%

Details

CWE
CWE-89
Status published
Products (1)
leadoctopus/lead_octopus
Published Aug 07, 2014
Tracked Since Feb 18, 2026