5 matches found
CVE-2022-4355
creationtimestamp| type| source ---|---|--- 2023-01-03 00:26:40+00:00| seen| https://t.me/cibsecurity/55767...
CVE-2022-4355
The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2022-4355 LetsRecover < 1.2.0 - Admin+ SQLi
The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2022-4355 LetsRecover < 1.2.0 - Admin+ SQLi
The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2022-4355
CVE-2022-4355 affects the LetsRecover WordPress plugin prior to version 1.2.0. The root cause is improper sanitization/escaping of a parameter before its use in a SQL statement, enabling SQL injection by high-privilege users (e.g., admins). Impact is high (C/C I/A all at HIGH) with network-access...