10 matches found
CVE-2022-0693
The Master Elements WordPress plugin through 8.0 does not validate and escape the metaids parameter of its removepostmetacondition AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL Injection...
WordPress plugin Master Elements SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Master Elements 8.0 and earlier versions are vulnerable to SQL injection, which stems from t...
CVE-2022-0693
The Master Elements WordPress plugin through 8.0 does not validate and escape the metaids parameter of its removepostmetacondition AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL Injection...
CVE-2022-0693
The Master Elements WordPress plugin through 8.0 does not validate and escape the metaids parameter of its removepostmetacondition AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL Injection...
CVE-2022-0693
The Master Elements WordPress plugin through 8.0 does not validate and escape the metaids parameter of its removepostmetacondition AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL Injection...
CVE-2022-0693
CVE-2022-0693 affects the WordPress plugin Master Elements (versions = 8.1, which mitigates the SQLi. If exploit details are provided in the connected docs (e.g., PoC, exact payloads), they should be included, but the current documents primarily confirm the vulnerable pattern and the upgrade path.
WordPress plugin Master Elements SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Master Elements 8.0 and earlier versions are vulnerable to SQL injection, which stems from t...
Master Elements <= 8.0 - Unauthenticated SQLi
The plugin does not validate and escape the metaids parameter of its removepostmetacondition AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL Injection PoC As unauthenticated:...
WordPress Master Elements plugin <= 8.0 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered by cydave in WordPress Master Elements plugin versions = 8.0. Solution Deactivate and delete. This plugin has been closed as of March 9, 2022 and is not available for download. This closure is temporary, pending a full review...
Master Elements <= 8.0 - Unauthenticated SQLi
The plugin does not validate and escape the metaids parameter of its removepostmetacondition AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL Injection As unauthenticated:...