WordPress Plugin Mail Masta Multiple SQL Injection Vulnerabilities (1.0) - Vulnerability Database

WordPress Plugin Mail Masta Multiple SQL Injection Vulnerabilities (1.0)

Description

WordPress Plugin Mail Masta is prone to multiple SQL injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin Mail Masta version 1.0 is vulnerable.

Remediation

Edit the source code to ensure that input is properly sanitised or disable the plugin until a fix is available

References

https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin-SQL-Injection-Vulnerability

https://www.exploit-db.com/exploits/41438/

https://packetstormsecurity.com/files/141277/WordPress-Mail-Masta-1.0-SQL-Injection.html

Related Vulnerabilities

Severity

High

Classification

CVE-2017-6095

CVE-2017-6096

CVE-2017-6097

CVE-2017-6098

CVE-2017-6570

CVE-2017-6571

CVE-2017-6572

CVE-2017-6573

CVE-2017-6574

CVE-2017-6575

CVE-2017-6576

CVE-2017-6577

CVE-2017-6578

CWE-89

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N