4 matches found
CVE-2022-2958
creationtimestamp| type| source ---|---|--- 2025-01-26 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-26 2025-05-22 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-05-22 2025-12-09 00:00:00+00:00| exploited| The Shadowserver...
CVE-2022-2958
The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections...
CVE-2022-2958 BadgeOS < 3.7.1.3 - Subscriber+ SQLi
The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections...
CVE-2022-2958
The CVE-2022-2958 entry concerns the BadgeOS WordPress plugin before 3.7.1.3. The issue is that parameters are not properly sanitised/escaped before being used in SQL statements via AJAX actions that are accessible to any authenticated user, enabling SQL injection. Affected component: BadgeOS Wor...