26 matches found
EUVD-2022-43205
Malicious code in bioql PyPI...
CVE-2022-3865
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
CVE-2022-3848
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
CVE-2022-3849
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
CVE-2022-3849
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
Sql injection
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
Sql injection
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
Sql injection
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
CVE-2022-3865 WP User Merger < 1.5.3 - Admin+ SQLi via ID
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
CVE-2022-3865
The CVE-2022-3865 entry concerns the WordPress WP User Merger plugin (versions prior to 1.5.3). The underlying issue is improper sanitisation/escaping of a parameter used in a SQL statement, resulting in a SQL injection. The vulnerability is exploitable by users with a role as low as admin. Affec...
CVE-2022-3865 WP User Merger < 1.5.3 - Admin+ SQLi via ID
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
CVE-2022-3848 WP User Merger < 1.5.3 - Admin+ SQLi via wpsu_user_id
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
CVE-2022-3848 WP User Merger < 1.5.3 - Admin+ SQLi via wpsu_user_id
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
CVE-2022-3848
CVE-2022-3848 affects the WordPress plugin WP User Merger prior to version 1.5.3. The root cause is insufficient sanitisation/escaping of a parameter before its use in an SQL statement, enabling SQL injection with low-privilege admin-level access. The documented remediation is to update to versio...
CVE-2022-3849
The CVE-2022-3849 entry pertains to the WP User Merger WordPress plugin (versions before 1.5.3). The vulnerability is a SQL injection caused by improper sanitisation/escaping of a parameter before it is used in a SQL statement, exploitable by users with a role as low as admin. Affected item: WP U...
CVE-2022-3849 WP User Merger < 1.5.3 - Admin+ SQLi via user_id
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
CVE-2022-3849 WP User Merger < 1.5.3 - Admin+ SQLi via user_id
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
PT-2022-24425 · WordPress · Wp User Merger
Name of the Vulnerable Software and Affected Versions: WP User Merger WordPress plugin versions prior to 1.5.3 Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection. This can be exploited ...
WordPress plugin WP User Merger SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability exist...
WordPress plugin WP User Merger SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability exist...