3 matches found
CVE-2022-1683
The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any authenticated user and not just Author+ like the original advisory mention due to the fact that they ca...
CVE-2022-1683 amtyThumb <= 4.2.0 - Subscriber+ SQLi
The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any authenticated user and not just Author+ like the original advisory mention due to the fact that they ca...
CVE-2022-1683
The CVE pertains to WordPress amtyThumb plugin (versions ≤ 4.2.0). The vulnerability is an SQL injection caused by unsanitized/untested parameters in the plugin’s shortcode, exploitable by any authenticated user via an AJAX action that processes the shortcode. PoCs show an authenticated-user POST...