CVE-2022-4373
The Quote-O-Matic WordPress plugin through 1.0.5 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
Source: CVE-2022-4373
[월:] 2023년 01월
CVE-2022-4371
CVE-2022-4371
The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscriber could exploit this as well
Source: CVE-2022-4371
CVE-2022-4370
CVE-2022-4370
The multimedial images WordPress plugin through 1.0b does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
Source: CVE-2022-4370
CVE-2022-4360
CVE-2022-4360
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Source: CVE-2022-4360
CVE-2022-4362
CVE-2022-4362
The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
Source: CVE-2022-4362
CVE-2022-4352
CVE-2022-4352
The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Source: CVE-2022-4352
CVE-2022-4357
CVE-2022-4357
The LetsRecover WordPress plugin through 1.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
Source: CVE-2022-4357
CVE-2022-4355
CVE-2022-4355
The LetsRecover WordPress plugin through 1.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Source: CVE-2022-4355
CVE-2022-4329
CVE-2022-4329
The Product list Widget for Woocommerce WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (such as high privilege one like admin).
Source: CVE-2022-4329
CVE-2022-4340
CVE-2022-4340
The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in it’s thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointment_id query parameter.
Source: CVE-2022-4340