6 matches found
CVE-2022-2269
The Website File Changes Monitor WordPress plugin before 1.8.3 does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manageoptions capability by default admins, leading to an SQL injection...
Sql injection
The Website File Changes Monitor WordPress plugin before 1.8.3 does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manageoptions capability by default admins, leading to an SQL injection...
CVE-2022-2269
CVE-2022-2269 concerns the WordPress plugin “Website File Changes Monitor” (versions prior to 1.8.3). The issue is that the plugin does not sanitise or escape user input before using it in a SQL statement via an action accessible to users with the manage_options capability (typically admins). Thi...
CVE-2022-2269 Website File Changes Monitor < 1.8.3 - Admin+ SQLi
The Website File Changes Monitor WordPress plugin before 1.8.3 does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manageoptions capability by default admins, leading to an SQL injection...
Website File Changes Monitor < 1.8.3 - Admin+ SQLi
The plugin does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manageoptions capability by default admins, leading to an SQL injection A user with manageoptions permission can exploit the vulnerability with the following request :...
WordPress Website File Changes Monitor plugin <= 1.8.2 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability discovered by Nicolas VIDAL TEHTRIS in WordPress Website File Changes Monitor plugin versions = 1.8.2. Solution Update the WordPress Website File Changes Monitor plugin to the latest available version at least 1.8.3...