4 matches found
CVE-2022-0760
The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the postid parameter before using it in a SQL statement via the qcopdupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection...
CVE-2022-0760
creationtimestamp| type| source ---|---|--- 2022-03-21 21:26:39+00:00| seen| https://t.me/cibsecurity/39334 2024-12-24 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2024-12-24 2025-01-17 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-17...
CVE-2022-0760 Simple Link Directory < 7.7.2 - Unauthenticated SQL injection
The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the postid parameter before using it in a SQL statement via the qcopdupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection...
CVE-2022-0760
The CVE-2022-0760 entry describes a SQL injection in the WordPress plugin WordPress Simple Link Directory (versions before 7.7.2). The vulnerability arises because the plugin does not validate or escape the post_id parameter before using it in a SQL statement in the qcopd_upvote_action AJAX call,...