Lucene search
WPScanCVE-2022-4355HistoryJan 02, 2023 - 10:15 p.m.
CVE-2022-4355
2023-01-0222:15:17
WPScan
web.nvd.nist.gov
43
cve-2022-4355
sql injection
letsrecover
wordpress
nvd
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
43.1%
The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Affected configurations
Node
letsrecover_projectletsrecoverRange≤1.1.0wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| letsrecover_project | letsrecover | * | cpe:2.3:a:letsrecover_project:letsrecover:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "LetsRecover",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.2.0"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
nvd
nvd
CVE-2022-4355
2023-01-02 22:15:17
prion
prion
Sql injection
2023-01-02 22:15:00
wpvulndb
wpvulndb
LetsRecover < 1.2.0 - Admin+ SQLi
2022-12-09 00:00:00
cvelist
cvelist
CVE-2022-4355 LetsRecover < 1.2.0 - Admin+ SQLi
2023-01-02 21:49:20
wpexploit
wpexploit
LetsRecover < 1.2.0 - Admin+ SQLi
2022-12-09 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: curl-7.82.0-12.fc36
2022-12-28 01:40:29
[SECURITY] Fedora 37 Update: curl-7.85.0-5.fc37
2022-12-26 01:06:29
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
43.1%
Related for CVE-2022-4355