First published: Fri Dec 02 2011(Updated: )
SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
WordPress Users | <=1.3 | |
WordPress Users | =0.2 | |
WordPress Users | =0.9 | |
WordPress Users | =1.0 | |
WordPress Users | =1.1 | |
WordPress Users | =1.2 | |
WordPress |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2011-4669 has a moderate severity level due to its potential for remote SQL injection attacks.
The best way to fix CVE-2011-4669 is to upgrade the WordPress Users plugin to version 1.4 or later.
CVE-2011-4669 affects WordPress Users plugin versions 1.3 and earlier, including versions 0.2, 0.9, 1.0, 1.1, and 1.2.
Yes, remote attackers can exploit CVE-2011-4669 to execute arbitrary SQL commands via the uid parameter.
CVE-2011-4669 involves the wp-users.php file in the WordPress Users plugin.