Wordspew Plugin has security vulnerability
February 9, 2008 – 10:52 pm | by Miriam SchwabSecunia has reported an “id” SQL injection vulnerability in the WordSpew plugin for WordPress. Here’s the description of the vulnerability:
DESCRIPTION: S@BUN has reported a vulnerability in the Wordspew plugin for Wordpress, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the parameter “id” in wordspew-rss.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Read more about the vulnerability here.
