CVE-2015-7517
Last modified
CVE-2015-7517 is a vulnerability of currently unknown severity. Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/.. EPSS estimates a 4.20% chance of exploitation in the next 30 days.
Description
Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Labwebdesigns | Double Opt-In For Download | <= 2.0.8 |
References
- http://permalink.gmane.org/gmane.comp.security.oss.general/18255Third Party Advisory
- http://www.securityfocus.com/bid/78220Third Party Advisory, VDB Entry
- http://www.vapidlabs.com/advisory.php?v=157Third Party Advisory, VDB Entry
- https://wpvulndb.com/vulnerabilities/8345Third Party Advisory, VDB Entry
- http://permalink.gmane.org/gmane.comp.security.oss.general/18255Third Party Advisory
- http://www.securityfocus.com/bid/78220Third Party Advisory, VDB Entry
- http://www.vapidlabs.com/advisory.php?v=157Third Party Advisory, VDB Entry
- https://wpvulndb.com/vulnerabilities/8345Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-7517?
How severe is CVE-2015-7517?
How do I fix CVE-2015-7517?
Are you affected by CVE-2015-7517?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST