VYPR
Unrated severity · NVD Advisory · Published Oct 9, 2012 · Updated Apr 29, 2026

CVE-2012-5350

Description

SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SQL injection in Pay With Tweet WordPress plugin before 1.2 allows authenticated users with certain permissions to execute arbitrary SQL via the id parameter.

Vulnerability

The Pay With Tweet plugin for WordPress versions before 1.2 contains a SQL injection vulnerability in the paywithtweet shortcode. The id parameter is not properly sanitized before being used in SQL queries, allowing authenticated users with certain permissions to inject arbitrary SQL commands.

Exploitation

An attacker must be an authenticated WordPress user with permissions to use the paywithtweet shortcode. The attacker can craft a malicious id parameter value containing SQL injection payloads. The shortcode processes this parameter without proper sanitization, leading to SQL injection.

Impact

Successful exploitation allows the attacker to execute arbitrary SQL commands on the WordPress database, potentially leading to data exfiltration, modification, or deletion. The attacker can gain unauthorized access to sensitive information.

Mitigation

The plugin has been closed as of February 27, 2012, and is no longer available for download [1]. A fixed version, 1.2, was released, but the plugin is permanently closed, so users should remove it immediately. No other workaround is available.
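When triaging a site that ran an affected version, it helps to find stored posts whose paywithtweet shortcode carries an id that is not a plain integer. The script below is an added example, not code from the plugin or from this advisory. It assumes that a legitimate id is a decimal integer and that posts were exported as (ID, post_author, post_content) tuples from wp_posts; the sample rows are constructed.

```python
import re

# Opening tag of the shortcode named in the advisory; group 1 is the attribute text.
SHORTCODE_RE = re.compile(r"\[paywithtweet\b([^\]]*)\]", re.IGNORECASE)
# id=value, where value is double-quoted, single-quoted, or bare.
ID_ATTR_RE = re.compile(r"""\bid\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""",
                        re.IGNORECASE)
# Assumption: a legitimate id is a short decimal integer.
NUMERIC_RE = re.compile(r"\d{1,10}")


def audit_posts(posts):
    """Return one finding per paywithtweet shortcode whose id is not an integer.

    posts: iterable of (post_id, author, content) tuples.
    """
    findings = []
    for post_id, author, content in posts:
        for tag in SHORTCODE_RE.finditer(content):
            id_match = ID_ATTR_RE.search(tag.group(1))
            if id_match is None:
                continue  # shortcode without an id attribute
            value = next(g for g in id_match.groups() if g is not None)
            if not NUMERIC_RE.fullmatch(value.strip()):
                findings.append({
                    "post_id": post_id,
                    "author": author,      # account to review
                    "id_value": value,     # raw value for the analyst
                    "shortcode": tag.group(0),
                })
    return findings


# Constructed sample rows (not taken from any real site).
SAMPLE_POSTS = [
    (101, "editor_a", 'Download: [paywithtweet id="3"]'),
    (102, "author_b", '[paywithtweet id="7 OR 1=1"] free ebook'),
    (103, "author_c", "No shortcode here."),
    (104, "editor_a", "[paywithtweet id=12] and [PayWithTweet id='4 ']"),
]

if __name__ == "__main__":
    for finding in audit_posts(SAMPLE_POSTS):
        print(finding)
```

Findings point to the post and the authoring account; check both against post revisions and account activity.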

References
  1. Pay With Tweet

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
