CVE-2015-2199 in Audio Playerinfo

Summary

Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

ID	Vulnerability	CWE	Exp	Cou	CVE
74343	Wonderplugin Audio Player admin/ admin-ajax.php sql injection	89	Proof-of-Concept	Official fix	CVE-2015-2199

Reservation

03/03/2015

Disclosure

03/03/2015

Status

Confirmed

Entries

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2015-2199
NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-2199
CVE Details	https://www.cvedetails.com/cve/CVE-2015-2199/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!