CVE-2015-4018

Name of the Vulnerable Software and Affected Versions FeedWordPress plugin versions prior to 2015.0514

Description The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the link ids[] parameter in an Update action in the "syndication.php" page to "wp-admin/admin.php".

Recommendations For FeedWordPress plugin versions prior to 2015.0514, update to version 2015.0514 or later to resolve the issue. As a temporary workaround, consider restricting access to the syndication.php page in wp-admin/admin.php to minimize the risk of exploitation. Avoid using the link ids[] parameter in the affected API endpoint until the issue is resolved.