wordpress

• Author: Miklos Vajna
• Vulnerable: 3.1.3-1nexon1
• Unaffected: 3.1.4-1nexon1

Multiple vulnerabilities have been reported in WordPress, which can be exploited by malicious users to bypass certain security restrictions and conduct SQL injection attacks.

1. An unspecified error can be exploited to gain further access to the site.
2. Input passed via the “order” and “orderby” parameters to wp-admin/link-manager.php and wp-admin/edit-tags.php is not properly sanitised in wp-includes/taxonomy.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires the “Editor” role.

• Bug Tracker URL: http://bugs.frugalware.org/task/4522

CVEs:

• No CVE, see http://wordpress.org/news/2011/06/wordpress-3-1-4/