← Back to CVE List

CVE-2017-12949

Published: 2017-08-18T18:29Z
Last Modified: 2024-11-21T03:10Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt