CVE-2012-2109 in BuddyPress plugininfo

Summary

SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

04/04/2012

Disclosure

09/04/2012

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
62009BuddyPress BuddyPress plugin wp-load.php sql injection89Proof-of-ConceptOfficial fixCVE-2012-2109

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!