CVE-2013-3532 Information

Description

SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter.

Reference

http://osvdb.org/92264 http://packetstormsecurity.com/files/121250/WordPress-Spider-Video-Player-2.1-SQL-Injection.html http://packetstormsecurity.com/files/128851/WordPress-HTML5-Flash-Player-SQL-Injection.html http://www.securityfocus.com/bid/59021 http://www.securityfocus.com/bid/70763 https://exchange.xforce.ibmcloud.com/vulnerabilities/83374 https://exchange.xforce.ibmcloud.com/vulnerabilities/98332