Description
Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters."
Remediation
References
Related Vulnerabilities
WordPress Plugin Mobile Events Manager CSV Injection (1.4.7)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-3554)
OpenVPN AS Divide By Zero Vulnerability (CVE-2023-46849)
WordPress 4.5.x PHP Object Injection (4.5 - 4.5.23)
WordPress Plugin Users Ultra Membership Cross-Site Scripting (1.5.78)