vulnerability

WordPress Plugin: podlove-podcasting-plugin-for-wordpress: CVE-2017-12949: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	Aug 7, 2017	May 15, 2025	May 15, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

Aug 7, 2017

Added

May 15, 2025

Modified

May 15, 2025

Description

lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF.

Solution

podlove-podcasting-plugin-for-wordpress-plugin-cve-2017-12949

References

URL-https://www.cve.org/CVERecord?id=CVE-2017-12949
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/da082107-1c71-4d18-a864-986807568de9?source=api-prod
CVE-2017-12949
https://attackerkb.com/topics/CVE-2017-12949

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today