MidnightBSD

Advisories for andrew_charlton

CVE-2009-4748 HIGH

SQL injection vulnerability in mycategoryorder.php in the My Category Order plugin 2.8 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the parentID parameter in an act_OrderCategories action to wp-admin/post-new.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
andrew_charlton my_category_order 2.7
andrew_charlton my_category_order 2.6.1
andrew_charlton my_category_order 2.6.1a
andrew_charlton my_category_order 2.7.1
andrew_charlton my_category_order *