VDB
CVE-2015-2213
CVE-2015-2213
PUBLISHED
CVSS 7.5 HIGH
SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash.
EPSS 21.24% · 95.8th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
21.24%
95.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| wordpress | wordpress | 0 |
| n/a | n/a | * |
Timeline
- Nov 9, 2015 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Aug 6, 2024 CVE Updated
- Mar 19, 2025 EPSS Score
- Mar 23, 2025 EPSS Score
- Mar 24, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- May 1, 2025 EPSS Score
- May 4, 2025 EPSS Score
- Jun 1, 2025 EPSS Score
- Jun 4, 2025 EPSS Score
References
- https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/ url
- 76160 vdb
- https://core.trac.wordpress.org/changeset/33556 url
- https://core.trac.wordpress.org/changeset/33555 url
- [oss-security] 20150804 Re: CVE request: WordPress 4.2.3 and earlier multiple vulnerabilities mailing-list
- https://wpvulndb.com/vulnerabilities/8126 url
- 1033178 vdb
- DSA-3332 vendor-advisory
- https://codex.wordpress.org/Version_4.2.4 url
- DSA-3383 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2015-2213 advisory
- https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release url