WordPress < 2.1.3 'xmlrpc.php' SQLi
Medium Nessus Network Monitor Plugin ID 3959
SynopsisThe remote host is vulnerable to a SQL Injection attack.
DescriptionThe version of WordPress installed on the remote host is vulnerable to a SQL injection attack. An attacker exploiting this flaw would need to have the ability to authenticate to WordPress. Upon authentication, the attacker would send a malformed query that, when processed, would execute arbitrary SQL commands on the WordPress database.
SolutionUpgrade to WordPress 2.1.3, or later.