VDB

CVE-2015-2213

CVE-2015-2213 PUBLISHED CVSS 7.5 HIGH

SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash.

EPSS 21.24% · 95.8th percentile

Risk Scores

CVSS 2.0
7.5
EPSS Score
21.24%
95.8th percentile

Affected Products

VendorProductVersions
wordpresswordpress0
n/an/a*

Timeline

  • Nov 9, 2015 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Aug 6, 2024 CVE Updated
  • Mar 19, 2025 EPSS Score
  • Mar 23, 2025 EPSS Score
  • Mar 24, 2025 EPSS Score
  • Mar 29, 2025 EPSS Score
  • May 1, 2025 EPSS Score
  • May 4, 2025 EPSS Score
  • Jun 1, 2025 EPSS Score
  • Jun 4, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›