Unrated severityNVD Advisory· Published Jun 4, 2014· Updated Jun 17, 2026
CVE-2014-3961
CVE-2014-3961
Description
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10cpe:2.3:a:xnau:participants_database:1.5.4.1:*:*:*:*:wordpress:*:*+ 8 more
- cpe:2.3:a:xnau:participants_database:1.5.4.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:xnau:participants_database:1.5.4.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:xnau:participants_database:1.5.4.3:*:*:*:*:wordpress:*:*
- cpe:2.3:a:xnau:participants_database:1.5.4.4:*:*:*:*:wordpress:*:*
- cpe:2.3:a:xnau:participants_database:1.5.4.5:*:*:*:*:wordpress:*:*
- cpe:2.3:a:xnau:participants_database:1.5.4.6:*:*:*:*:wordpress:*:*
- cpe:2.3:a:xnau:participants_database:1.5.4.7:*:*:*:*:wordpress:*:*
- cpe:2.3:a:xnau:participants_database:1.5.4:*:*:*:*:wordpress:*:*
- cpe:2.3:a:xnau:participants_database:*:*:*:*:*:wordpress:*:*range: <=1.5.4.8
- Range: <1.5.4.9
Patches
Vulnerability mechanics
References
7- wordpress.org/plugins/participants-database/changelognvdPatch
- packetstormsecurity.com/files/126878/WordPress-Participants-Database-1.5.4.8-SQL-Injection.htmlnvdExploit
- seclists.org/fulldisclosure/2014/Jun/0nvdExploit
- www.exploit-db.com/exploits/33613nvdExploit
- www.yarubo.com/advisories/1nvdExploitURL Repurposed
- osvdb.org/show/osvdb/107626nvd
- www.securityfocus.com/bid/67769nvd
News mentions
0No linked articles in our index yet.