CVE-2011-4669

SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
wordpresswordpress-users
𝑥
≤ 1.3
wordpresswordpress-users
0.2
wordpresswordpress-users
0.9
wordpresswordpress-users
1.0
wordpresswordpress-users
1.1
wordpresswordpress-users
1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://plugins.trac.wordpress.org/changeset/448261/wordpress-users
http://secunia.com/advisories/46442
http://wordpress.org/extend/plugins/wordpress-users/
http://www.securityfocus.com/bid/50174
https://exchange.xforce.ibmcloud.com/vulnerabilities/70683
http://plugins.trac.wordpress.org/changeset/448261/wordpress-users
http://secunia.com/advisories/46442
http://wordpress.org/extend/plugins/wordpress-users/
http://www.securityfocus.com/bid/50174
https://exchange.xforce.ibmcloud.com/vulnerabilities/70683