3 matches found
CVE-2022-4049 WP User <= 7.0 - Unauthenticated SQLi
The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...
CVE-2022-4049
CVE-2022-4049 affects the WP User WordPress plugin up to version 7.0, where an unsafely constructed SQL statement using an unvalidated parameter (id) in admin-ajax.php allows unauthenticated SQL injection. The root cause is improper sanitization/escaping of the parameter before use in the SQL sta...
CVE-2022-4049 WP User <= 7.0 - Unauthenticated SQLi
The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...