Unrated severityNVD Advisory· Published Aug 6, 2014· Updated May 6, 2026

CVE-2014-5182

Description

Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php.

Affected products

Ostenta/Yawpp
cpe:2.3:a:ostenta:yawpp:1.2:*:*:*:*:wordpress:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wordpress.org/plugins/yawpp/changelog/nvdPatch
codevigilant.com/disclosure/wp-plugin-yawpp-a1-injectionnvdExploit
plugins.trac.wordpress.org/changesetnvdExploitPatch

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000