CVE-2014-5182

Name of the Vulnerable Software and Affected Versions yawpp plugin version 1.2

Description The issue allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands. This can be achieved via vectors related to admin functions.php or admin update.php. For example, the id parameter in the update action to "wp-admin/admin.php" is vulnerable.

Recommendations For yawpp plugin version 1.2, consider disabling the vulnerable id parameter in the update action to "wp-admin/admin.php" until a patch is available. Restrict access to admin functions.php and admin update.php to minimize the risk of exploitation. Avoid using the id parameter in the affected API endpoint until the issue is resolved.