SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress prior to 4.2.4 allows remote malicious users to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash.
Vulnerable Product |
---|
wordpress wordpress |
Run your own WP instances? You know what to do
Weary WordPress worker-bees are being asked to hit the "Update" button again. Just a couple of weeks after an XSS vulnerability forced a July 24th call to upgrade to WordPress 4.2.3, a handy collection of vulns mean it's time to run in version 4.2.4. At least WordPress has an easy upgrade mechanism. The new vulnerabilities patched in 4.2.4 include one that Check Point Software Technologies rates as “critical”. That one, CVE-2015-2213, is an SQL injection vulnerability in WordPress Comments t...