CVE-2011-3130 — SQL Injection in Wordpress

CWE-89 — SQL Injection4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 33.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedAug 10

Latest updateMay 17

Description

wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 3.2.1+dfsg-1 (bookworm)

▶Debianwordpress/wordpress< 3.2.1+dfsg-1+3

▶NVDwordpress/wordpress4 versions+3

Patches

Patch: wordpress.org ↗Patch: wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-543p-gmpw-vvc3: wp-includes/taxonomy↗2022-05-17

▶

OSV

CVE-2011-3130: wp-includes/taxonomy↗2011-08-10

▶

📋Vendor Advisories

Debian

CVE-2011-3130: wordpress - wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has...↗2011

▶