CVE-2015-9458

Name of the Vulnerable Software and Affected Versions searchterms-tagging-2 plugin versions 1.535 and earlier for WordPress

Description The issue concerns SQL injection via the count parameter in the pk stt2 db get popular terms function, which is exploitable via CSRF. This allows for potential unauthorized access and manipulation of database content.

Recommendations For searchterms-tagging-2 plugin versions 1.535 and earlier, consider disabling the pk stt2 db get popular terms function until a patch is available to prevent SQL injection attacks. Restrict access to the vulnerable parameter count in the affected API endpoint to minimize the risk of exploitation.