CVE-2022-3848 WP User Merger < 1.5.3 - Admin+ SQLi via wpsu_user_id

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...

CVE-2022-3848 WP User Merger < 1.5.3 - Admin+ SQLi via wpsu_user_id

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...

CVE-2022-3848

CVE-2022-3848 affects the WordPress plugin WP User Merger prior to version 1.5.3. The root cause is insufficient sanitisation/escaping of a parameter before its use in an SQL statement, enabling SQL injection with low-privilege admin-level access. The documented remediation is to update to versio...

CVE-2022-3849

The CVE-2022-3849 entry pertains to the WP User Merger WordPress plugin (versions before 1.5.3). The vulnerability is a SQL injection caused by improper sanitisation/escaping of a parameter before it is used in a SQL statement, exploitable by users with a role as low as admin. Affected item: WP U...

CVE-2022-3849 WP User Merger < 1.5.3 - Admin+ SQLi via user_id

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...

CVE-2022-3849 WP User Merger < 1.5.3 - Admin+ SQLi via user_id

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...

PT-2022-24425 · WordPress · Wp User Merger

Name of the Vulnerable Software and Affected Versions: WP User Merger WordPress plugin versions prior to 1.5.3 Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection. This can be exploited ...

WordPress plugin WP User Merger SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability exist...

WordPress plugin WP User Merger SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability exist...

WordPress plugin WP User Merger SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Versions of WordPress WP Us...

PT-2022-24499 · WordPress · Wp User Merger

Name of the Vulnerable Software and Affected Versions: WP User Merger WordPress plugin versions prior to 1.5.3 Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection. This can be exploited ...

PT-2022-24423 · WordPress · Wp User Merger

Name of the Vulnerable Software and Affected Versions: WP User Merger WordPress plugin versions prior to 1.5.3 Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection. This can be exploited ...

WordPress WP User Merger plugin <= 1.5.2 - Auth. SQL Injection (SQLi) vulnerability

Auth. SQL Injection SQLi vulnerability discovered by Kunal Sharma University of Kaiserslautern, Germany and Daniel Krohmer Fraunhofer IESE, Germany in the WordPress WP User Merger plugin versions = 1.5.2. Solution Update the WordPress WP User Merger plugin to the latest available version at least...

WordPress WP User Merger plugin <= 1.5.2 - Auth. SQL Injection (SQLi) vulnerability

Auth. SQL Injection SQLi vulnerability discovered by Kunal Sharma University of Kaiserslautern and Daniel Krohmer Fraunhofer IESE in the WordPress WP User Merger plugin versions = 1.5.2. Solution Update the WordPress WP User Merger plugin to the latest available version at least 1.5.3...

WordPress WP User Merger plugin <= 1.5.2 - Auth. SQL Injection (SQLi) vulnerability

Auth. SQL Injection SQLi vulnerability discovered by Kunal Sharma University of Kaiserslautern and Daniel Krohmer Fraunhofer IESE in the WordPress WP User Merger plugin versions = 1.5.2. Solution Update the WordPress WP User Merger plugin to the latest available version at least 1.5.3...

CVE-2022-37770

libjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.cpp. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted file...

DEBIAN-CVE-2022-37770

libjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.cpp. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted file...

PT-2022-24060 · Libjpeg +1 · Libjpeg +1

Name of the Vulnerable Software and Affected Versions: libjpeg version 281daa9 Description: The issue allows attackers to cause a Denial of Service DoS via a crafted file, exploiting a segmentation fault in the LineMerger::GetNextLowpassLine function at linemerger.cpp. Recommendations: For versio...

GHSA-42M6-G935-5VMQ @ianwalter/merge Prototype Pollution via `merge` function

All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. @ianwalter/merge is deprecated and the maintainer suggests using @generates/merger instead...

@ianwalter/merge Prototype Pollution via `merge` function

All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. @ianwalter/merge is deprecated and the maintainer suggests using @generates/merger instead...