CVE-2015-10124 MEDIUM

CVE-2015-10124: Most Popular Posts Widget Plugin functions.php show_views sql injection

Vendor N/A
Product Most Popular Posts Widget Plugin
Weakness CWE-89 · SQLi
Published October 2, 2023
Last update August 6, 2024
View on NVD All CVEs

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability was found in Most Popular Posts Widget Plugin up to 0.8 on WordPress. It has been classified as critical. Affected is the function add_views/show_views of the file functions.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 0.9 is able to address this issue. The patch is identified as a99667d11ac8d320006909387b100e9a8b5c12e1. It is recommended to upgrade the affected component. VDB-241026 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

October 2, 2023 CVE published
August 6, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-9592 itsourcecode Apartment Management System bill_info.php sql injection CVE-2024-1203 Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce <= 7.0.7 - Authenticated (Subscriber+) SQL Injection CVE-2023-1675 SourceCodester School Registration and Fee System GET Parameter edit_stud.php sql injection CVE-2024-12942 1000 Projects Portfolio Management System MCA admin_login.php sql injection CVE-2024-13035 code-projects Chat System update_user.php sql injection