Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 12/06/2017 Updated: 13/08/2017

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 655

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
goldplugins testimonials plugin easy testimonials 3.4.1

# Exploit Title: WP-Testimonials < 341 Union Based SQL Injection # Date: 03-06-2017 # Exploit Author: Dimitrios Tsagkarakis # Website: dtsaeu # Software Link: en-gbwordpressorg/plugins/wp-testimonials/ # Vendor Homepage: wwwsunfrogservicescom/web-programmer/wp-testimonials/ # Version: 341 # CVE : CVE-2017-9418 # Categor ...

WordPress WP-Testimonials plugin versions prior to 341 suffer from a remote SQL injection vulnerability ...

CWE-89 https://wpvulndb.com/vulnerabilities/8845 https://www.exploit-db.com/exploits/42166/https://nvd.nist.gov https://www.exploit-db.com/exploits/42166/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-9418

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect