3 matches found
CVE-2022-0769
The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the datatarget parameter before it is being interpolated in an SQL statement and then executed via the ratingvote AJAX action available to both unauthenticated and authenticated users, leading to an SQL Injection...
CVE-2022-0769 Users Ultra <= 3.1.0 - Unauthenticated SQL Injection
The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the datatarget parameter before it is being interpolated in an SQL statement and then executed via the ratingvote AJAX action available to both unauthenticated and authenticated users, leading to an SQL Injection...
CVE-2022-0769
Summary (concrete details from connected docs): CVE-2022-0769 affects the WordPress plugin Users Ultra up to version 3.1.0 . The vulnerability stems from improper sanitization/escaping of the data_target parameter before it is interpolated into an SQL statement, which is then executed via the rat...