Description
SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action in the syndication.php page to wp-admin/admin.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Adrián M. F. · textwebappsphp
https://www.exploit-db.com/exploits/37067
References (4)
Core 4
Core References
Patch, Vendor Advisory x_refsource_confirm
https://wordpress.org/plugins/feedwordpress/changelog/
Exploit exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/37067/
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/May/75
Exploit x_refsource_misc
http://packetstormsecurity.com/files/131974/WordPress-FeedWordPress-2015.0426-SQL-Injection.html
Scores
EPSS
0.0251
EPSS Percentile
85.4%
Details
CWE
CWE-89
Status
published
Products (1)
feedwordpress_project/feedwordpress
< 2014.0805
Published
May 21, 2015
Tracked Since
Feb 18, 2026