2 matches found
CVE-2022-3981
The Icegram Express WordPress plugin before 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber...
CVE-2022-3981
The CVE-2022-3981 entry concerns the Icegram Express WordPress plugin prior to version 5.5.1. Affected component: the plugin’s SQL statements, where improper sanitization/escaping of a parameter enables a SQL injection. Root cause: unsanitized input used in SQL queries; impact: high (CVE details ...