SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.
Software | From | Fixed in |
---|---|---|
WordPress / wordpress | 1.0 | 1.0.x |
WordPress / wordpress | 1.0.1 | 1.0.1.x |
WordPress / wordpress | 1.0.2 | 1.0.2.x |
WordPress / wordpress | 1.2 | 1.2.x |
WordPress / wordpress | 1.5 | 1.5.x |
WordPress / wordpress | 1.5.1 | 1.5.1.x |
WordPress / wordpress | 1.5.1.2 | 1.5.1.2.x |