Unrated severityNVD Advisory· Published Jun 4, 2014· Updated May 6, 2026
CVE-2014-3961
CVE-2014-3961
Description
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.
Affected products
9cpe:2.3:a:xnau:participants_database:1.5.4.1:*:*:*:*:wordpress:*:*+ 8 more
- cpe:2.3:a:xnau:participants_database:1.5.4.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:xnau:participants_database:1.5.4.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:xnau:participants_database:1.5.4.3:*:*:*:*:wordpress:*:*
- cpe:2.3:a:xnau:participants_database:1.5.4.4:*:*:*:*:wordpress:*:*
- cpe:2.3:a:xnau:participants_database:1.5.4.5:*:*:*:*:wordpress:*:*
- cpe:2.3:a:xnau:participants_database:1.5.4.6:*:*:*:*:wordpress:*:*
- cpe:2.3:a:xnau:participants_database:1.5.4.7:*:*:*:*:wordpress:*:*
- cpe:2.3:a:xnau:participants_database:1.5.4:*:*:*:*:wordpress:*:*
- cpe:2.3:a:xnau:participants_database:*:*:*:*:*:wordpress:*:*range: <=1.5.4.8
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- wordpress.org/plugins/participants-database/changelognvdPatch
- packetstormsecurity.com/files/126878/WordPress-Participants-Database-1.5.4.8-SQL-Injection.htmlnvdExploit
- seclists.org/fulldisclosure/2014/Jun/0nvdExploit
- www.exploit-db.com/exploits/33613nvdExploit
- www.yarubo.com/advisories/1nvdExploitURL Repurposed
- osvdb.org/show/osvdb/107626nvd
- www.securityfocus.com/bid/67769nvd
News mentions
0No linked articles in our index yet.