SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
This vulnerability has been addressed by the vendor with the release of the following product update: http://wordpress.org/development/2007/04/wordpress-213-and-2010/