CVE-2015-4018

FeedWordPress < 2015.0514 - Authenticated SQL Injection via link_ids[] Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-4018. PoCs published by Adrián M. F.

AI-analyzed exploit summary: This exploit demonstrates an authenticated SQL injection vulnerability in the FeedWordPress WordPress plugin (version 2015.0426). The vulnerability arises from improper sanitization of the 'link_ids[]' POST parameter, allowing attackers to execute arbitrary SQL queries.

Description

SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action in the syndication.php page to wp-admin/admin.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Adrián M. F. · text · webapps · php
https://www.exploit-db.com/exploits/37067


Classification: Working Poc 95%
Attack Type: Sqli
Complexity: Trivial
Reliability: Reliable
Target: FeedWordPress WordPress plugin 2015.0426
Auth required
Prerequisites: Authenticated access to WordPress admin panel · FeedWordPress plugin version 2015.0426 installed
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Patch, Vendor Advisory x_refsource_confirm
https://wordpress.org/plugins/feedwordpress/changelog/
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37067/
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/May/75

Scores

EPSS 0.0375
EPSS Percentile 88.5%

Details

CWE CWE-89
Status published
Products (1)
feedwordpress_project/feedwordpress < 2014.0805
Published May 21, 2015
Tracked Since Feb 18, 2026