CVE-2015-2292
Yoast SEO <= 1.7.3.3 - Blind SQL Injection
Public Exploits: 5
Exploited in Wild: -
Descriptions
Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
Timeline
- 2015-03-11 CVE Published
- 2015-03-13 CVE Reserved
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-09-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
References (7)
URL | Tag | Source |
---|---|---|
https://wordpress.org/plugins/wordpress-seo/changelog | X_refsource_confirm | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/36413 | 2024-08-06 | |
http://packetstormsecurity.com/files/130811/WordPress-SEO-By-Yoast-1.7.3.3-SQL-Injection.html | 2024-08-06 | |
http://seclists.org/fulldisclosure/2015/Mar/73 | 2024-08-06 | |
http://www.securitytracker.com/id/1031920 | 2024-08-06 | |
https://wpvulndb.com/vulnerabilities/7841 | 2024-08-06 | |

URL | Date | SRC |
---|---|---|
https://yoast.com/wordpress-seo-security-release | 2016-12-03 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Yoast | Wordpress Seo | <= 1.5.6 | wordpress | Affected |
Yoast | Wordpress Seo | 1.6.0 | wordpress | Affected |
Yoast | Wordpress Seo | 1.6.1 | wordpress | Affected |
Yoast | Wordpress Seo | 1.6.2 | wordpress | Affected |
Yoast | Wordpress Seo | 1.6.3 | wordpress | Affected |
Yoast | Wordpress Seo | 1.7.1 | wordpress | Affected |
Yoast | Wordpress Seo | 1.7.2 | wordpress | Affected |
Yoast | Wordpress Seo | 1.7.3 | wordpress | Affected |
Yoast | Wordpress Seo | 1.7.3.1 | wordpress | Affected |
Yoast | Wordpress Seo | 1.7.3.2 | wordpress | Affected |
Yoast | Wordpress Seo | 1.7.3.3 | wordpress | Affected |