2 matches found
CVE-2022-4357
The CVE refers to LetsRecover WordPress plugin prior to 1.2.0, where an unauthenticated AJAX action uses an input parameter directly in a SQL statement without proper sanitization/escaping, causing a SQL injection. Affected component: LetsRecover WordPress plugin (versions
CVE-2022-4357 LetsRecover < 1.2.0 - Unauthenticated SQLi
The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...