CVE Database · CVE-2008-0520
CVSS v3.1
N/A
EPSS
2.85%
Published
Jan 31, 2008
Modified
Apr 22, 2026
Public PoC / Exploit (2)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) from_date or (2) to_date parameter to spy.php.
Weaknesses (CWE)
References (10)
