WordPress < 2.1.4 'admin-ajax.php' SQLi
Medium Nessus Network Monitor Plugin ID 3995
Synopsis
The remote host is vulnerable to a SQL injection attack.

Description
The version of WordPress installed on the remote host is vulnerable to a SQL injection attack.
To exploit this flaw, an attacker only needs to be able to send data to the 'wp-admin/admin-ajax.php' script. Successful exploitation would result in the attacker executing SQL commands on the remote database server.

Solution
Upgrade to WordPress 2.1.4 or later.