26 matches found
EUVD-2022-43205
Malicious code in bioql PyPI...
CVE-2022-3865
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
CVE-2022-3849
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
CVE-2022-3848
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
CVE-2022-3849
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
Sql injection
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
Sql injection
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
Sql injection
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
CVE-2022-3865
The CVE-2022-3865 entry concerns the WordPress WP User Merger plugin (versions prior to 1.5.3). The underlying issue is improper sanitisation/escaping of a parameter used in a SQL statement, resulting in a SQL injection. The vulnerability is exploitable by users with a role as low as admin. Affec...
CVE-2022-3865 WP User Merger < 1.5.3 - Admin+ SQLi via ID
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
CVE-2022-3865 WP User Merger < 1.5.3 - Admin+ SQLi via ID
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
CVE-2022-3848 WP User Merger < 1.5.3 - Admin+ SQLi via wpsu_user_id
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
CVE-2022-3848
CVE-2022-3848 affects the WordPress plugin WP User Merger prior to version 1.5.3. The root cause is insufficient sanitisation/escaping of a parameter before its use in an SQL statement, enabling SQL injection with low-privilege admin-level access. The documented remediation is to update to versio...
CVE-2022-3848 WP User Merger < 1.5.3 - Admin+ SQLi via wpsu_user_id
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
CVE-2022-3849 WP User Merger < 1.5.3 - Admin+ SQLi via user_id
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
CVE-2022-3849 WP User Merger < 1.5.3 - Admin+ SQLi via user_id
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
CVE-2022-3849
The CVE-2022-3849 entry pertains to the WP User Merger WordPress plugin (versions before 1.5.3). The vulnerability is a SQL injection caused by improper sanitisation/escaping of a parameter before it is used in a SQL statement, exploitable by users with a role as low as admin. Affected item: WP U...
WordPress plugin WP User Merger SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability exist...
WordPress plugin WP User Merger SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Versions of WordPress WP Us...
PT-2022-24423 · WordPress · Wp User Merger
Name of the Vulnerable Software and Affected Versions: WP User Merger WordPress plugin versions prior to 1.5.3 Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection. This can be exploited ...