3 matches found
CVE-2022-3865
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
CVE-2022-3865
The CVE-2022-3865 entry concerns the WordPress WP User Merger plugin (versions prior to 1.5.3). The underlying issue is improper sanitisation/escaping of a parameter used in a SQL statement, resulting in a SQL injection. The vulnerability is exploitable by users with a role as low as admin. Affec...
CVE-2022-3865 WP User Merger < 1.5.3 - Admin+ SQLi via ID
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...