Description
Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters."
Remediation
References
Related Vulnerabilities
Envoy Proxy Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2019-9901)
WordPress Plugin WP Flow Plus Unspecified Vulnerability (2.2.0)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1000395)
WordPress Plugin Embed Swagger Cross-Site Scripting (1.0.0)
WordPress Plugin Login with Azure (Azure SSO) Cross-Site Scripting (1.4.4)