2 matches found
CVE-2022-0836 SEMA API < 4.02 - Unauthenticated SQLi
The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users...
CVE-2022-0836
The CVE-2022-0836 entry concerns the WordPress plugin SEMA API, affected versions prior to 4.02. The issue is an SQL injection caused by improper sanitisation/escaping of parameters used in SQL statements via an AJAX action, exploitable by unauthenticated users. Several connected sources (Red Hat...