3 matches found
CVE-2023-0254 Simple Membership WP user Import <= 1.7 - Authenticated (Admin+) SQL Injection
The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter. This makes it possible for authenticated attackers with administrative privileges...
CVE-2023-0254
The CVE-2023-0254 entry concerns the WordPress plugin Simple Membership WP user Import (versions up to 1.7). The root cause is insufficient escaping of the orderby parameter, enabling an authenticated administrator to inject SQL into existing queries and potentially extract sensitive data from th...
WordPress Simple Membership WP user Import Plugin <= 1.7 is vulnerable to SQL Injection
Software Simple Membership WP user Import Type Plugin Vulnerable versions = 1.7 Fixed in 1.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0254 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 22216492afda Credits Etan Imanol Castro Aldrete Required...