6 matches found
CVE-2022-4681
The Hide My WP WordPress plugin before 6.2.9 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
WordPress Hide My WP < 6.2.9 - Unauthenticated SQL injection Vulnerability
Exploit Title: Wordpress Plugin Hide My WP 6.2.9 - Unauthenticated SQLi Original Researcher: Xenofon Vassilakopoulos Exploit Author: Xenofon Vassilakopoulos Submitter: Xenofon Vassilakopoulos Vendor Homepage: https://wpwave.com/ Version: Hide My WP v6.2.8 and prior Tested on: Hide My WP v6.2.7...
Hide My WP < 6.2.9 - Unauthenticated SQLi
Exploit Title: Wordpress Plugin Hide My WP 6.2.9 - Unauthenticated SQLi Publication Date: 2023-01-11 Original Researcher: Xenofon Vassilakopoulos Exploit Author: Xenofon Vassilakopoulos Submitter: Xenofon Vassilakopoulos Vendor Homepage: https://wpwave.com/ Version: Hide My WP v6.2.8 and prior...
CVE-2022-4681 Hide My WP < 6.2.9 - Unauthenticated SQLi
The Hide My WP WordPress plugin before 6.2.9 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2022-4681
The CVE-2022-4681 entry concerns the WordPress plugin Hide My WP (versions before 6.2.9). A parameter is not properly sanitized/escaped before being used in an SQL statement via an unauthenticated AJAX action, enabling a SQL injection. Impact is high (CVE scores show CRITICAL, AV:N/AC:L/PR:N/UI:N...
WordPress Hide My WP Plugin < 6.2.9 is vulnerable to SQL Injection
Software Hide My WP Type Plugin Vulnerable versions 6.2.9 Fixed in 6.2.9 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-4681 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID ad94e6b8ba54 Credits Xenofon Vassilakopoulos Required privilege...