CVE-2015-2213

Published: 09/11/2015 Updated: 04/11/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress prior to 4.2.4 allows remote malicious users to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash.

Vulnerable Product

wordpress wordpress

Vendor Advisories

Debian Bug report logs - #794560 wordpress: CVE-2015-2213 CVE-2015-5730 CVE-2015-5731 CVE-2015-5732 CVE-2015-5733 CVE-2015-5734: 4.2.3 and earlier multiple vulnerabilities. Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debian.org>; Source for wordpress is src:wordpress. Reported by: ...
Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-2213: SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622: The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more strict, which may affect your installation. This is the correct ...
Several vulnerabilities were discovered in Wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2213: SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622: The robustness of the shortcodes HTML tags filter has been improved. The parsing is a ...

Recent Articles

Wordpress issues second urgent patch in two weeks
The Register • Richard Chirgwin • 06 Aug 2015

Run your own WP instances? You know what to do

Weary Wordpress worker-bees are being asked to hit the "Update" button again. Just a couple of weeks after an XSS vulnerability forced a July 24th call to upgrade to Wordpress 4.2.3, a handy collection of vulns means it's time to run in version 4.2.4. At least Wordpress has an easy upgrade mechanism. The new vulnerabilities patched in 4.2.4 include one that Check Point Software Technologies rates as “critical”. That one, CVE-2015-2213, is an SQL injection vulnerability in Wordpress Comments t...