WordPress <= 6.0.1 - Authenticated SQL Injection (SQLi) vulnerability via Link API

Authenticated SQL Injection SQLi vulnerability via Link API discovered by FVD in WordPress core versions = 6.0.1. Solution Update the WordPress to the latest available version at least 6.0.2 or another patched version...

WP < 6.0.2 - SQLi via Link API

Description The getbookmarks function does not validate and escape a parameter before using it in a SQL statement, which could lead to SQL injection when user input is passed to it directly or via wplistbookmarks for example...