Vulnerability Details : CVE-2015-10122
A vulnerability was found in wp-donate Plugin up to 1.4 on WordPress. It has been classified as critical. This affects an unknown part of the file includes/donate-display.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.5 is able to address this issue. The identifier of the patch is 019114cb788d954c5d1b36d6c62418619e93a757. It is recommended to upgrade the affected component. The identifier VDB-234249 was assigned to this vulnerability.
Vulnerability category: Sql Injection
Products affected by CVE-2015-10122
- cpe:2.3:a:wp_donate_project:wp_donate:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-10122
0.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 52 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-10122
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
VulDB | |
6.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
2.8
|
3.4
|
VulDB | |
6.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
2.8
|
3.4
|
VulDB | 2024-02-29 |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2015-10122
-
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.Assigned by: cna@vuldb.com (Primary)
References for CVE-2015-10122
-
https://vuldb.com/?id.234249
CVE-2015-10122: wp-donate Plugin donate-display.php sql injectionThird Party Advisory
-
https://vuldb.com/?ctiid.234249
CVE-2015-10122: wp-donate Plugin donate-display.php sql injectionPermissions Required;Third Party Advisory
-
https://github.com/wp-plugins/wp-donate/commit/019114cb788d954c5d1b36d6c62418619e93a757
made changes in sql query to fix sql injection vulnerabilities by usi… · wp-plugins/wp-donate@019114c · GitHubPatch
Jump to