FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wordpress -- XMLRPC SQL Injection

Affected packages
de-wordpress < 2.2.1
wordpress < 2.2.1
zh-wordpress < 2.2.1


VuXML ID 0838733d-1698-11dc-a197-0011098b2f36
Discovery 2007-06-06
Entry 2007-06-09
Modified 2007-06-24

Secunia reports:

Slappter has discovered a vulnerability in WordPress, which can be exploited by malicious users to conduct SQL injection attacks.

Input passed to the "wp.suggestCategories" method in xmlrpc.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving usernames and password hashes, but requires valid user credentials and knowledge of the database table prefix.


Bugtraq ID 24344