CyberSec.Space Logo
Back to CVE Browser

CVE-2015-4064

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.1270%
EPSS Percentile24.83th
PublishedMay 27, 2015
Last ModifiedMay 6, 2026

Vulnerability Description

SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php.

Affected Platforms (CPE)

πŸ“¦
Landing Pages Project

Landing Pages

<= 1.8.4

References & Advisories

πŸ”— http://packetstormsecurity.com/files/132037/WordPress-Landing-Pages-1.8.4-Cross-Site-Scripting-SQL-Injection.html
πŸ”— http://www.securityfocus.com/bid/74777
πŸ”— https://wordpress.org/plugins/landing-pages/changelog/
πŸ”— https://www.exploit-db.com/exploits/37108/
πŸ”— http://packetstormsecurity.com/files/132037/WordPress-Landing-Pages-1.8.4-Cross-Site-Scripting-SQL-Injection.html
πŸ”— http://www.securityfocus.com/bid/74777
πŸ”— https://wordpress.org/plugins/landing-pages/changelog/
πŸ”— https://www.exploit-db.com/exploits/37108/

Related Vulnerabilities

CVE-2015-52278.8

The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter.

CVE-2019-130477.8

kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 for TOARU_SYS_FUNC_SETHEAP, allo...

CVE-2013-62437.5

SQL injection vulnerability in the Landing Pages plugin 1.2.3, before 20131009, and earlier for WordPress allows remote attackers ...

CVE-2021-472777.1

In the Linux kernel, the following vulnerability has been resolved: kvm: avoid speculation-based attacks from out-of-range memslo...