Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

FKIE_CVE-2013-1408

Vulnerability from fkie_nvd - Published: 2014-03-24 16:43 - Updated: 2025-04-12 10:46

Severity ?

Summary

Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2013-02/0030.html	Exploit
cve@mitre.org	http://osvdb.org/89924
cve@mitre.org	http://packetstormsecurity.com/files/120089/WordPress-Wysija-Newsletters-2.2-SQL-Injection.html	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/57775	Exploit
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/81932
cve@mitre.org	https://www.htbridge.com/advisory/HTB23140	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2013-02/0030.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/89924
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/120089/WordPress-Wysija-Newsletters-2.2-SQL-Injection.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/57775	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/81932
af854a3a-2127-422b-91ae-364da2661108	https://www.htbridge.com/advisory/HTB23140	Exploit

Impacted products

Vendor	Product	Version
wysija_newsletters_project	wysija_newsletters	*
wysija_newsletters_project	wysija_newsletters	2.0
wysija_newsletters_project	wysija_newsletters	2.0.1
wysija_newsletters_project	wysija_newsletters	2.0.2
wysija_newsletters_project	wysija_newsletters	2.0.3
wysija_newsletters_project	wysija_newsletters	2.0.4
wysija_newsletters_project	wysija_newsletters	2.0.5
wysija_newsletters_project	wysija_newsletters	2.0.6
wysija_newsletters_project	wysija_newsletters	2.0.7
wysija_newsletters_project	wysija_newsletters	2.0.8
wysija_newsletters_project	wysija_newsletters	2.0.9
wysija_newsletters_project	wysija_newsletters	2.0.9.5
wysija_newsletters_project	wysija_newsletters	2.1
wysija_newsletters_project	wysija_newsletters	2.1.1
wysija_newsletters_project	wysija_newsletters	2.1.2
wysija_newsletters_project	wysija_newsletters	2.1.3
wysija_newsletters_project	wysija_newsletters	2.1.4
wysija_newsletters_project	wysija_newsletters	2.1.5
wysija_newsletters_project	wysija_newsletters	2.1.6
wysija_newsletters_project	wysija_newsletters	2.1.7
wysija_newsletters_project	wysija_newsletters	2.1.8
wysija_newsletters_project	wysija_newsletters	2.1.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "68458CCD-A3B0-47B2-9C6C-C4648E1AFE06",
              "versionEndIncluding": "2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.0:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "73383F7F-9157-4AA4-AF16-AEDF2A10A6EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.0.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "EB4BC18F-FBD9-44C2-96B9-12EEFB6B6D05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.0.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "C850DA99-5055-42B7-9345-7F26056EF9EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.0.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "183FA6A5-D785-4612-9679-19D136D17CFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.0.4:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "427C8B75-CF76-4353-AD2E-EB18D67998A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.0.5:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "49E0ADA8-D53A-48D3-B665-D29EE4AF958C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.0.6:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "90FAAAFD-C95E-4AFB-888F-849422022B53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.0.7:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "445536EC-9EED-458A-BF53-7E6ED0BC87F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.0.8:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "927F1768-52F3-41D7-9DDA-7C026BF8C575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.0.9:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "846E055A-AF38-4810-A2F0-A226A4CAF68F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.0.9.5:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "AA2FC63C-13CF-436C-8E16-79E24159227D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "4864E75A-1E5C-48AD-A0A4-E7DB8237879A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.1.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "5D008FBA-31E1-48A2-8838-0FFFCD54EE72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.1.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "46C4B80B-BBC2-4E72-A9AF-9F2C90DCB85F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.1.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "A053A6A2-A75B-4429-9A6B-F5AB2A2036CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.1.4:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "0D801D84-093E-4FA0-8493-83C2BA722A0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.1.5:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "C94C6016-3FB7-440C-9488-9263F9544561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.1.6:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "303DA405-4EBD-4F97-A050-1D657D7FDCEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.1.7:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "ACBB7258-AFB7-43A0-94D7-3240B6677148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.1.8:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "BCE8D893-0C50-43CC-936E-7CB0A10FAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:2.1.9:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "DC0B1FA3-4A65-438D-9419-9813D7097327",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php.  NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en el plugin Wysija Newsletters anterior a 2.2.1 para WordPress permiten a administradores remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro (1) search o (2) orderby hacia wp-admin/admin.php.  NOTA: esto puede ser aprovechado utilizando CSRF para permitir atacantes remotos no autenticados ejecutar comandos SQL arbitrarios."
    }
  ],
  "id": "CVE-2013-1408",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-03-24T16:43:02.003",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0030.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/89924"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/120089/WordPress-Wysija-Newsletters-2.2-SQL-Injection.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/57775"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81932"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.com/advisory/HTB23140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/89924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/120089/WordPress-Wysija-Newsletters-2.2-SQL-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/57775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.com/advisory/HTB23140"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-1408 (GCVE-0-2013-1408)

Vulnerability from cvelistv5 – Published: 2014-03-24 14:00 – Updated: 2024-08-06 14:57

Summary

Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://packetstormsecurity.com/files/120089/WordP…	x_refsource_MISC
	https://www.htbridge.com/advisory/HTB23140	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://osvdb.org/89924	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/57775	vdb-entryx_refsource_BID
	http://archives.neohapsis.com/archives/bugtraq/20…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:57:05.133Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/120089/WordPress-Wysija-Newsletters-2.2-SQL-Injection.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.htbridge.com/advisory/HTB23140"
          },
          {
            "name": "wp-wysijanewsletters-admin-sql-injection(81932)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81932"
          },
          {
            "name": "89924",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/89924"
          },
          {
            "name": "57775",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/57775"
          },
          {
            "name": "20130206 SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0030.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php.  NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/120089/WordPress-Wysija-Newsletters-2.2-SQL-Injection.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.htbridge.com/advisory/HTB23140"
        },
        {
          "name": "wp-wysijanewsletters-admin-sql-injection(81932)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81932"
        },
        {
          "name": "89924",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/89924"
        },
        {
          "name": "57775",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/57775"
        },
        {
          "name": "20130206 SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0030.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-1408",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php.  NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/120089/WordPress-Wysija-Newsletters-2.2-SQL-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/120089/WordPress-Wysija-Newsletters-2.2-SQL-Injection.html"
            },
            {
              "name": "https://www.htbridge.com/advisory/HTB23140",
              "refsource": "MISC",
              "url": "https://www.htbridge.com/advisory/HTB23140"
            },
            {
              "name": "wp-wysijanewsletters-admin-sql-injection(81932)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81932"
            },
            {
              "name": "89924",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/89924"
            },
            {
              "name": "57775",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/57775"
            },
            {
              "name": "20130206 SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0030.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-1408",
    "datePublished": "2014-03-24T14:00:00",
    "dateReserved": "2013-01-19T00:00:00",
    "dateUpdated": "2024-08-06T14:57:05.133Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-1408 (GCVE-0-2013-1408)

Vulnerability from nvd – Published: 2014-03-24 14:00 – Updated: 2024-08-06 14:57

Summary

Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://packetstormsecurity.com/files/120089/WordP…	x_refsource_MISC
	https://www.htbridge.com/advisory/HTB23140	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://osvdb.org/89924	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/57775	vdb-entryx_refsource_BID
	http://archives.neohapsis.com/archives/bugtraq/20…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:57:05.133Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/120089/WordPress-Wysija-Newsletters-2.2-SQL-Injection.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.htbridge.com/advisory/HTB23140"
          },
          {
            "name": "wp-wysijanewsletters-admin-sql-injection(81932)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81932"
          },
          {
            "name": "89924",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/89924"
          },
          {
            "name": "57775",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/57775"
          },
          {
            "name": "20130206 SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0030.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php.  NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/120089/WordPress-Wysija-Newsletters-2.2-SQL-Injection.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.htbridge.com/advisory/HTB23140"
        },
        {
          "name": "wp-wysijanewsletters-admin-sql-injection(81932)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81932"
        },
        {
          "name": "89924",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/89924"
        },
        {
          "name": "57775",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/57775"
        },
        {
          "name": "20130206 SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0030.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-1408",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php.  NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/120089/WordPress-Wysija-Newsletters-2.2-SQL-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/120089/WordPress-Wysija-Newsletters-2.2-SQL-Injection.html"
            },
            {
              "name": "https://www.htbridge.com/advisory/HTB23140",
              "refsource": "MISC",
              "url": "https://www.htbridge.com/advisory/HTB23140"
            },
            {
              "name": "wp-wysijanewsletters-admin-sql-injection(81932)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81932"
            },
            {
              "name": "89924",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/89924"
            },
            {
              "name": "57775",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/57775"
            },
            {
              "name": "20130206 SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0030.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-1408",
    "datePublished": "2014-03-24T14:00:00",
    "dateReserved": "2013-01-19T00:00:00",
    "dateUpdated": "2024-08-06T14:57:05.133Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

3 vulnerabilities found for wysija_newsletters by wysija_newsletters_project

FKIE_CVE-2013-1408

CVE-2013-1408 (GCVE-0-2013-1408)

CVE-2013-1408 (GCVE-0-2013-1408)