Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

WordPress < 2.1.3 'xmlrpc.php' SQLi

Medium

Synopsis

The remote host is vulnerable to a SQL Injection attack.

Description

The version of WordPress installed on the remote host is vulnerable to a SQL injection attack. An attacker exploiting this flaw would need to have the ability to authenticate to WordPress. Upon authentication, the attacker would send a malformed query that, when processed, would execute arbitrary SQL commands on the WordPress database.

Solution

Upgrade to WordPress 2.1.3, or later.