4 matches found
CVE-2022-23911
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection...
CVE-2022-23911
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection...
CVE-2022-23911 AP Custom Testimonial < 1.4.8 - Admin+ SQL Injection
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection...
CVE-2022-23911
The CVE-2022-23911 entry concerns the WordPress AP Custom Testimonial Plugin (pre-1.4.7). The vulnerability is a SQL Injection caused by not validating/escaping the id parameter when retrieving a testimonial to edit, enabling an attacker to manipulate SQL statements. Several connected sources cor...