Matt Mullenweg

**Name of the Vulnerable Software and Affected Versions** WordPress version 1.5.1 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `cat ID` variable. This can be demonstrated by using the `cat` parameter to the "/index.php" endpoint. **Recommendations** For WordPress version 1.5.1, consider updating to a newer version to mitigate the risk of SQL injection attacks. As a temporary workaround, restrict access to the `cat ID` variable and the `cat` parameter in the "/index.php" endpoint to minimize the risk of exploitation.