Unrated severityNVD Advisory· Published Mar 26, 2010· Updated Jun 16, 2026
CVE-2009-4748
CVE-2009-4748
Description
SQL injection vulnerability in mycategoryorder.php in the My Category Order plugin 2.8 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the parentID parameter in an act_OrderCategories action to wp-admin/post-new.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:andrew_charlton:my_category_order:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:andrew_charlton:my_category_order:*:*:*:*:*:*:*:*range: <=2.8
- cpe:2.3:a:andrew_charlton:my_category_order:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:andrew_charlton:my_category_order:2.6.1a:*:*:*:*:*:*:*
- cpe:2.3:a:andrew_charlton:my_category_order:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:andrew_charlton:my_category_order:2.7.1:*:*:*:*:*:*:*
- (no CPE)range: <=2.8
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.