Lucene search

Kunal Sharma (University of Kaiserslautern), Daniel Krohmer (Fraunhofer IESE)PATCHSTACK:E085B470912A8C3085E61CE9F8BAA3E6

HistoryNov 07, 2022 - 12:00 a.m.

WordPress WP User Merger plugin <= 1.5.2 - Auth. SQL Injection (SQLi) vulnerability

2022-11-0700:00:00

Kunal Sharma (University of Kaiserslautern), Daniel Krohmer (Fraunhofer IESE)

patchstack.com

wordpress

user merger

sql injection

0.001 Low

EPSS

Percentile

45.3%

JSON

Auth. SQL Injection (SQLi) vulnerability discovered by Kunal Sharma (University of Kaiserslautern) and Daniel Krohmer (Fraunhofer IESE) in the WordPress WP User Merger plugin (versions <= 1.5.2).

Solution

           Update the WordPress WP User Merger plugin to the latest available version (at least 1.5.3).

CPENameOperatorVersion
wp user mergerle1.5.2

CPE	Name	Operator	Version
	wp user merger	le	1.5.2

References

wpscan.com/vulnerability/da1f0313-2576-490e-a95f-bf12de340610

0.001 Low

EPSS

Percentile

45.3%

JSON

Related for PATCHSTACK:E085B470912A8C3085E61CE9F8BAA3E6