CVE-2022-4117

The IWS WordPress plugin through 1.0 does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...

CVE-2022-4117

The CVE-2022-4117 issue affects the WordPress IWS Geo Form Fields plugin (versions up to 1.0). The root cause is improper escaping of a parameter used in a SQL statement within an unauthenticated AJAX action, enabling unauthenticated SQL injection. The Nuclei/template and related sources describe...

PT-2022-25692 · WordPress · Iws Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: IWS WordPress plugin version 1.0 Description: The issue arises from the improper escaping of a parameter before its use in a SQL statement via an AJAX action. This AJAX action is available to unauthenticated users, leading to an unauthenticat...

WordPress Plugin IWS SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...