Unrated severity · NVD Advisory · Published Sep 4, 2012 · Updated Apr 29, 2026
CVE-2012-2109
Description
SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action.
Affected products
- cpe:2.3:a:buddypress:buddypress:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:buddypress:buddypress:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:buddypress:buddypress:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:buddypress:buddypress:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:buddypress:buddypress:1.5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:buddypress:buddypress:1.5.4:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- buddypress.org/2012/03/buddypress-1-5-5/ (nvd: Patch, Vendor Advisory)
- seclists.org/bugtraq/2012/Apr/4 (nvd: Exploit)
- www.exploit-db.com/exploits/18690 (nvd: Exploit)
- www.openwall.com/lists/oss-security/2012/04/15/2 (nvd: Exploit)
- osvdb.org/80763 (nvd)
- www.openwall.com/lists/oss-security/2012/04/16/10 (nvd)