3 matches found
CVE-2022-3768
The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author...
CVE-2022-3768
The CVE concerns the WordPress WPSmartContracts plugin before 1.3.12, which contains a SQL injection due to improper sanitisation/escaping of a parameter used in a SQL statement. An attacker with a low-privilege role (as low as author) can potentially obtain sensitive data, modify data, and perfo...
CVE-2022-3768 WPSmartContracts < 1.3.12 - Author+ SQLi
The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author...