NVD

Id
24324  
Name
CVE-2015-2199  
Description
Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.  
Reject
 
CVSS Version
2  
CVSS Score
6.5  
Severity
Medium  
CVSS Base Score
6.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2015-03-03  
Modified Date
2015-03-04  
Seq
2015-2199  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
128768 24324 CVE-2015-2199 http://security.szurek.pl/wonderplugin-audio-player-20-blind-sql-injection-and-xss.html  View
128769 24324 CVE-2015-2199 36086  View
128770 24324 CVE-2015-2199 http://www.wonderplugin.com/wordpress-audio-player/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
6332 JVNDB-2015-001652 WordPress 用 WonderPlugin Audio Player プラグインにおける SQL インジェクションの脆弱性 WordPress 用 WonderPlugin Audio Player プラグインには、SQL インジェクションの脆弱性が存在します。 CVE-2015-2199 79424 CVE-2015-2199 24324 6.5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-001652.html 2015-01-21 2015-03-05 View