Wordspew Plugin for Wordpress "id" SQL Injection Vulnerability

S@BUN has reported a vulnerability in the Wordspew plugin for Wordpress, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the parameter "id" in wordspew-rss.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution: Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by: S@BUN

Original Advisory: http://milw0rm.com/exploits/5039

Critical: Elevated

Moderately critical

Impact: Manipulation of data

Where: From remote

Software: Wordspew (plugin for Wordpress) 3.x