3 matches found
CVE-2022-3865
The CVE-2022-3865 entry concerns the WordPress WP User Merger plugin (versions prior to 1.5.3). The underlying issue is improper sanitisation/escaping of a parameter used in a SQL statement, resulting in a SQL injection. The vulnerability is exploitable by users with a role as low as admin. Affec...
CVE-2022-3848
CVE-2022-3848 affects the WordPress plugin WP User Merger prior to version 1.5.3. The root cause is insufficient sanitisation/escaping of a parameter before its use in an SQL statement, enabling SQL injection with low-privilege admin-level access. The documented remediation is to update to versio...
CVE-2022-3849
The CVE-2022-3849 entry pertains to the WP User Merger WordPress plugin (versions before 1.5.3). The vulnerability is a SQL injection caused by improper sanitisation/escaping of a parameter before it is used in a SQL statement, exploitable by users with a role as low as admin. Affected item: WP U...