CVE-2022-4356

🗓️ 02 Jan 2023 21:49:17Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 53 Views🌐 WEB

The LetsRecover WordPress plugin before 1.2.0 is vulnerable to SQL injectio

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2022-4356	3 Jan 202300:30	–	circl
CNNVD	WordPress plugin LetsRecover SQL注入漏洞	2 Jan 202300:00	–	cnnvd
CNVD	WordPress plugin LetsRecover SQL Injection Vulnerability	4 Jan 202300:00	–	cnvd
Cvelist	CVE-2022-4356 LetsRecover < 1.2.0 - Admin+ SQLi	2 Jan 202321:49	–	cvelist
EUVD	EUVD-2022-51707	3 Oct 202520:07	–	euvd
NVD	CVE-2022-4356	2 Jan 202322:15	–	nvd
Prion	Sql injection	2 Jan 202322:15	–	prion
Positive Technologies	PT-2023-14254 · WordPress · Letsrecover	2 Jan 202300:00	–	ptsecurity
RedhatCVE	CVE-2022-4356	23 May 202500:09	–	redhatcve
Vulnrichment	CVE-2022-4356 LetsRecover < 1.2.0 - Admin+ SQLi	2 Jan 202321:49	–	vulnrichment

NVD

Vulners

Node

letsrecover_project letsrecoverRange≤1.1.0wordpress

[
  {
    "vendor": "Unknown",
    "product": "LetsRecover",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.2.0"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/27a8d7cb-e179-408e-af13-8722ab41947b
bulletin	www.bulletin.iese.de/post/letsrecover-woocommerce-abandoned-cart_1-1-0_3
wpscan	www.wpscan.com/vulnerability/27a8d7cb-e179-408e-af13-8722ab41947b/

Parameter	Position	Path	Description	CWE
subscriber_id	query param	/wp-admin/admin.php	SQL injection vulnerability due to improper sanitisation of parameters used in SQL statement in LetsRecover WordPress plugin.	CWE-89
cart_id	query param	/wp-admin/admin.php	SQL injection vulnerability due to improper sanitisation of parameters used in SQL statement in LetsRecover WordPress plugin.	CWE-89

10 Apr 2025 19:15Current

7.1High risk

Vulners AI Score7.1

CVSS 3.17.2

EPSS0.00642

SSVC