China National Vulnerability Database (cnvd): CNVD-2022-66593
Mar 02, 2022 - 12:00 a.m.

WordPress Testimonial Plugin SQL Injection Vulnerability

2022-03-02 00:00:00
www.cnvd.org.cn

EPSS: 0.001 (Low), percentile 36.9%

WordPress is a blogging platform from the WordPress Foundation, written in PHP. A SQL injection vulnerability exists in versions of the WordPress Testimonial Plugin prior to 1.4.7. The plugin does not validate and escape the id parameter before using it in a SQL statement when retrieving the testimonial to be edited. An attacker could exploit this to execute unauthorized SQL commands and steal sensitive data from the database.

CPE
Name                          Operator  Version
wordpress testimonial plugin  lt        1.4.7
