Description
WordPress Plugin WP-DBManager is prone to multiple vulnerabilities, which can be exploited by malicious users to execute arbitrary commands in the context of the application or to disclose sensitive information, because it fails to properly sanitize user-supplied input. WordPress Plugin WP-DBManager version 2.71 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.72 or latest
References
http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html
http://seclists.org/oss-sec/2014/q4/365
Related Vulnerabilities
WordPress Plugin Simple Membership Cross-Site Request Forgery (3.8.4)
WordPress Plugin Link Library 'searchll' Parameter SQL Injection (5.2.1)
Jboss EAP Improper Input Validation Vulnerability (CVE-2014-0034)
WordPress Plugin Bilingual Linker Cross-Site Scripting (2.1.1)
WordPress Plugin MyBookTable Bookstore by Author Media Cross-Site Scripting (3.2.1)