Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

WordPress < 2.1.4 'admin-ajax.php' SQLi

Medium

Synopsis

The remote host is vulnerable to a SQL injection attack.

Description

The version of WordPress installed on the remote host is vulnerable to a SQL injection attack.

An attacker exploiting this flaw would only need to be able to send data to the 'wp-admin/admin-ajax.php' script. Successful exploitation would result in the attacker executing SQL commands on the remote database server

Solution

Upgrade to WordPress 2.1.4, or later.