WordPress 4.7.1 commands Execute Code Sql Injection Vulnerability

Summary

WordPress is prone to a SQL injection vulnerability.This allows remote attackers to execute arbitrary SQL commands via certain vulnerable vectors.

Credit:

The information has been provided by David Herrera.
The original article can be found at: http://www.securityfocus.com/bid/95816


Details

Vulnerable Systems:
 * WordPress 4.7.1

SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.

CVE Information:
CVE-2017-5611

Disclosure Timeline:
Publish Date : 2017-01-29
Last Update Date : 2017-02-05