3 matches found
CVE-2022-0254
The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection...
CVE-2022-0254
WordPress Zero Spam plugin is vulnerable to SQL injection in admin dashboard due to improper sanitisation/escaping of order and orderby parameters. Affected versions are before 5.2.11 (noted by CVE records; Red Hat references 5.2.11; other advisories mention up to 5.2.13). The root cause is unsaf...
CVE-2022-0254 Zero Spam < 5.2.11 - Admin+ SQL Injection
The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection...