WordPress Multiple SQL Injection Vulnerabilities
WordPress is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, particularly in wp-comments-post.php.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Attackers can use a browser to exploit these issues.
Currently there are no vendor-supplied patches. If you aware of more recent information, please comment.
WordPress 2.5 is vulnerable.
Other vulnerable versions:
WordPress 2.3.1
WordPress 2.2.3
WordPress 2.2.2
WordPress 2.2.1
WordPress 2.2.1
WordPress 2.1.3
WordPress 2.1.3
WordPress 2.1.2
WordPress 2.1.1
WordPress 2.0.10
WordPress 2.0.7
WordPress 2.0.6
WordPress 2.0.5
WordPress 2.0.4
WordPress 2.0.3
WordPress 2.0.2
WordPress 2.0.1
WordPress 2.0
WordPress 2.5
WordPress 2.3
WordPress 2.2 Revision 5003
WordPress 2.2 Revision 5002
WordPress 2.2
WordPress 2.1.3-RC2
WordPress 2.1.3-RC1
WordPress 2.1
WordPress 2.0.10-RC2
WordPress 2.0.10-RC1
(Credit: SecurityFocus.com)
More on CyberInsecure:
April 11th, 2008 at 3:00 am
Have you any details? Isn’t it only buzz rumors ?
April 11th, 2008 at 10:25 am
A very reputable security website has posted this vulnerability.
Waiting for additional news, POC’s or comments.
June 11th, 2008 at 7:43 pm
pleast visit http://www.php.net/manual/en/function.mysql-real-escape-string.php
to view best practice to prevent sql injections in php/mysql.. if wordpress does not use mysql_real_escape_string correctly or at all, this could be a serious issue for hundreds of thousands of wordpress installations! i’m staing notified to see if anyone else comments here.
June 12th, 2008 at 4:43 am
The issue was fixed in WP 2.5.1.
July 8th, 2008 at 9:25 pm
Does anyone have an example of this exploit? Or any other info on what it actually is?