Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin prior to 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated malicious users to execute arbitrary SQL commands.
Vulnerable Product |
---|
wysija newsletters project wysija newsletters 2.1.4 |
wysija newsletters project wysija newsletters 2.1.3 |
wysija newsletters project wysija newsletters 2.0.7 |
wysija newsletters project wysija newsletters 2.0.6 |
wysija newsletters project wysija newsletters 2.1.8 |
wysija newsletters project wysija newsletters 2.1.7 |
wysija newsletters project wysija newsletters 2.1 |
wysija newsletters project wysija newsletters 2.1.6 |
wysija newsletters project wysija newsletters 2.1.5 |
wysija newsletters project wysija newsletters 2.0.9 |
wysija newsletters project wysija newsletters 2.0.8 |
wysija newsletters project wysija newsletters 2.0 |
wysija newsletters project wysija newsletters 2.0.9.5 |
wysija newsletters project wysija newsletters 2.0.3 |
wysija newsletters project wysija newsletters 2.0.2 |
wysija newsletters project wysija newsletters 2.0.1 |
wysija newsletters project wysija newsletters |
wysija newsletters project wysija newsletters 2.1.9 |
wysija newsletters project wysija newsletters 2.1.2 |
wysija newsletters project wysija newsletters 2.1.1 |
wysija newsletters project wysija newsletters 2.0.5 |
wysija newsletters project wysija newsletters 2.0.4 |