MidnightBSD

Advisories for wysija_newsletters_project

CVE-2013-1408 MEDIUM

Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
wysija_newsletters_project wysija_newsletters 2.0.2
wysija_newsletters_project wysija_newsletters 2.1.1
wysija_newsletters_project wysija_newsletters 2.1.6
wysija_newsletters_project wysija_newsletters 2.0.7
wysija_newsletters_project wysija_newsletters 2.1.5
wysija_newsletters_project wysija_newsletters 2.1.7
wysija_newsletters_project wysija_newsletters *
wysija_newsletters_project wysija_newsletters 2.0.8
wysija_newsletters_project wysija_newsletters 2.1.4
wysija_newsletters_project wysija_newsletters 2.0
wysija_newsletters_project wysija_newsletters 2.0.1
wysija_newsletters_project wysija_newsletters 2.1
wysija_newsletters_project wysija_newsletters 2.0.4
wysija_newsletters_project wysija_newsletters 2.0.6
wysija_newsletters_project wysija_newsletters 2.1.3
wysija_newsletters_project wysija_newsletters 2.0.5
wysija_newsletters_project wysija_newsletters 2.0.9
wysija_newsletters_project wysija_newsletters 2.0.9.5
wysija_newsletters_project wysija_newsletters 2.1.2
wysija_newsletters_project wysija_newsletters 2.0.3
wysija_newsletters_project wysija_newsletters 2.1.8
wysija_newsletters_project wysija_newsletters 2.1.9