cleantalk
Vulnerabilities and Security Researches

Companion Auto Update, 8f0e42fbcafedfe8c5a1a2e574977b4c09516724

CVE, Research URL

8f0e42fbcafedfe8c5a1a2e574977b4c09516724

Home page URL

Security reports for Companion Auto Update

Application

Companion Auto Update

Published on
Jan 14, 2019
Research Description
Companion Auto Update [companion-auto-update] < 3.3.6 Companion Auto Update <= 3.3.5 - Authenticated (Admin+) SQL Injection The Companion Auto Update plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on several existing SQL queries. This makes it possible for authenticated attackers, with administrative privileges and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 3.3.6.
Status
vulnerable
Previous vulnerability researches
Elizaibots (CVE-2025-49893) , Aug 20, 2025
Elizaibots (abcf8d2a13b3fd2324a04f9724e5ac9347743677) , Jun 16, 2026
New vulnerability
MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance (1d55a989b0f961e994aae432abe19f9c12b4dad5) , Jun 16, 2026
MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance (18b73427c6ab0cb40bbca65611517a8bcc3cbc53) , Jun 16, 2026
MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance (9b248cecab4abd7f6880563d1e52efa6690ccf7e) , Jun 16, 2026
MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance (e9bce607-21bb-4ebd-af90-dcacb73f77c9) , Jun 16, 2026
Intuitive Custom Post Order (fb854943a69160d6e51117be558eee05e1b4c200) , Jun 16, 2026