Description
SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.
Exploits (2)
exploitdb
WORKING POC
by Securely (Yoo Hee man) · textwebappsphp
https://www.exploit-db.com/exploits/35447
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/98944
Exploit x_refsource_confirm
https://plugins.trac.wordpress.org/changeset/1023572/google-document-embedder
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/35371
Exploit x_refsource_misc
http://security.szurek.pl/google-doc-embedder-2514-sql-injection.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/show/osvdb/115044
Scores
EPSS
0.0276
EPSS Percentile
86.1%
Details
CWE
CWE-89
Status
published
Products (1)
google_doc_embedder_project/google_doc_embedder
< 2.5.14
Published
Dec 02, 2014
Tracked Since
Feb 18, 2026