Unrated severityNVD Advisory· Published Jun 1, 2005· Updated Apr 16, 2026

CVE-2005-1810

Description

SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/WordPress2 versions
cpe:2.3:a:wordpress:wordpress:1.5.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:wordpress:wordpress:1.5.1:*:*:*:*:*:*:*
- (no CPE)range: =1.5.1
Package: https://wordpress.org/plugins/wordpress

Patches

Vulnerability mechanics

Root cause

"Missing input sanitization on the $cat_ID variable allows SQL injection."

Attack vector

A remote attacker sends a crafted HTTP request to `index.php` with a malicious `cat` parameter containing SQL injection payloads [ref_id=1]. The `$cat_ID` variable, derived from the `cat` parameter, is passed unsanitized into a SQL query in `template-functions-category.php`, allowing arbitrary SQL command execution. The attack requires the site to be running the default template and does not require authentication.

Affected code

The vulnerability is in `wp-includes/template-functions-category.php` in WordPress 1.5.1, specifically in the `get_the_category_by_ID` function around line 103 [ref_id=1]. The `$cat_ID` variable is used directly in a SQL query without sanitization.

What the fix does

The fix adds `$cat_ID = (int) $cat_ID;` on a new line after the `get_the_category_by_ID` function declaration in `wp-includes/template-functions-category.php` [ref_id=1]. This casts the variable to an integer, ensuring that any non-numeric input is converted to zero, which prevents SQL injection by eliminating the possibility of injecting string-based SQL payloads through the `$cat_ID` parameter.

Preconditions

configThe WordPress site must be running version 1.5.1 with the default template.
networkThe attacker must be able to send HTTP requests to the target WordPress instance.
inputThe attacker supplies a malicious 'cat' parameter in the query string to index.php.

Reproduction

The advisory does not include a public PoC or reproduction steps beyond noting the `cat` parameter to `index.php` is the attack vector [ref_id=1].

Generated on Jun 16, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

secunia.com/advisories/15517nvdPatch
wordpress.org/development/2005/05/security-update/nvdVendor Advisory
bugs.gentoo.org/show_bug.cginvd
marc.infonvd
security.gentoo.org/glsa/glsa-200506-04.xmlnvd
www.osvdb.org/16905nvd
www.securityfocus.com/bid/13809nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000