Description

SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683.

Remediation

References

CVE-2008-4625

Related Vulnerabilities

WordPress Plugin Tablesome-Responsive Table, Woocommerce Automation, Email Log, Form Automation-Contact Form 7, Elementor, WPForms, Forminator Cross-Site Scripting (1.0.27)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-7572)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17308)

WordPress Plugin Thrive Comments Security Bypass (1.4.15.2)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-9788)

Severity

High

Classification

CVE-2008-4625 CWE-138

Tags

Missing Update Known Vulnerabilities