ID

VAR-201503-0451


CVE

CVE-2015-0894


TITLE

All In One WP Security & Firewall vulnerable to SQL injection

Trust: 0.8

sources: JVNDB: JVNDB-2015-000037

DESCRIPTION

SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. All In One WP Security & Firewall is a WordPress plugin that provides security functionality. ooooooo_q reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. If an administrator views a malicious page while logged in, an arbitrary SQL command may be executed. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blogging websites on PHP and MySQL servers.

Trust: 1.98

sources: NVD: CVE-2015-0894 // JVNDB: JVNDB-2015-000037 // BID: 74856 // VULHUB: VHN-78840

AFFECTED PRODUCTS

vendor: tips and tricks hq, model: all in one wordpress security and firewall, scope: lte, version: 3.8.7

Trust: 1.0

vendor: tips and tricks hq, model: all in one wp security & firewall, scope: lte, version: v3.8.7

Trust: 0.8

vendor: tips and tricks hq, model: all in one wordpress security and firewall, scope: eq, version: 3.8.7

Trust: 0.6

vendor: wordpress, model: all in one wp security & firewall, scope: eq, version: 3.8.7

Trust: 0.3

vendor: wordpress, model: all in one wp security & firewall, scope: eq, version: 3.8.6

Trust: 0.3

vendor: wordpress, model: all in one wp security & firewall, scope: eq, version: 3.8.5

Trust: 0.3

vendor: wordpress, model: all in one wp security & firewall, scope: eq, version: 3.8.4

Trust: 0.3

vendor: wordpress, model: all in one wp security & firewall, scope: eq, version: 3.8.3

Trust: 0.3

vendor: wordpress, model: all in one wp security & firewall, scope: eq, version: 3.8.2

Trust: 0.3

vendor: wordpress, model: all in one wp security & firewall, scope: eq, version: 3.8.1

Trust: 0.3

vendor: wordpress, model: all in one wp security & firewall, scope: eq, version: 3.8

Trust: 0.3

vendor: wordpress, model: all in one wp security & firewall, scope: ne, version: 3.8.8

Trust: 0.3

sources: BID: 74856 // JVNDB: JVNDB-2015-000037 // CNNVD: CNNVD-201503-126 // NVD: CVE-2015-0894

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0894
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2015-000037
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201503-126
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78840
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0894
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2015-000037
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-78840
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78840 // JVNDB: JVNDB-2015-000037 // CNNVD: CNNVD-201503-126 // NVD: CVE-2015-0894

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-78840 // JVNDB: JVNDB-2015-000037 // NVD: CVE-2015-0894

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-126

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201503-126

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-000037

PATCH

title: All In One WP Security & Firewall - Changelog, url: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/

Trust: 0.8

sources: JVNDB: JVNDB-2015-000037

EXTERNAL IDS

db: NVD, id: CVE-2015-0894

Trust: 2.8

db: JVNDB, id: JVNDB-2015-000037

Trust: 2.8

db: JVN, id: JVN30832515

Trust: 2.8

db: CNNVD, id: CNNVD-201503-126

Trust: 0.7

db: BID, id: 74856

Trust: 0.4

db: VULHUB, id: VHN-78840

Trust: 0.1

sources: VULHUB: VHN-78840 // BID: 74856 // JVNDB: JVNDB-2015-000037 // CNNVD: CNNVD-201503-126 // NVD: CVE-2015-0894

REFERENCES

url:http://jvn.jp/en/jp/jvn30832515/index.html

Trust: 2.8

url:https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/

Trust: 2.0

url:http://jvndb.jvn.jp/jvndb/jvndb-2015-000037

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0894

Trust: 0.8

url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0894

Trust: 0.8

url:https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

Trust: 0.3

url:http://jvndb.jvn.jp/en/contents/2015/jvndb-2015-000037.html

Trust: 0.3

url:http://www.wordpress.org/

Trust: 0.3

sources: VULHUB: VHN-78840 // BID: 74856 // JVNDB: JVNDB-2015-000037 // CNNVD: CNNVD-201503-126 // NVD: CVE-2015-0894

CREDITS

ooooooo_q

Trust: 0.3

sources: BID: 74856

SOURCES

db: VULHUB, id: VHN-78840
db: BID, id: 74856
db: JVNDB, id: JVNDB-2015-000037
db: CNNVD, id: CNNVD-201503-126
db: NVD, id: CVE-2015-0894

LAST UPDATE DATE

2025-04-13T23:26:46.018000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-78840, date: 2015-03-09T00:00:00
db: BID, id: 74856, date: 2015-05-06T00:00:00
db: JVNDB, id: JVNDB-2015-000037, date: 2015-03-11T00:00:00
db: CNNVD, id: CNNVD-201503-126, date: 2015-03-09T00:00:00
db: NVD, id: CVE-2015-0894, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-78840, date: 2015-03-07T00:00:00
db: BID, id: 74856, date: 2015-05-06T00:00:00
db: JVNDB, id: JVNDB-2015-000037, date: 2015-03-06T00:00:00
db: CNNVD, id: CNNVD-201503-126, date: 2015-03-09T00:00:00
db: NVD, id: CVE-2015-0894, date: 2015-03-07T02:59:01.537