PT-2023-14267 · WordPress · Wp Rss By Publishers

Daniel Krohmer

Publicado

2023-01-02

Atualizado

2023-01-09

CVE-2022-4360

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WP RSS By Publishers WordPress plugin version 0.1

Description The issue is related to a SQL injection that occurs because a parameter is not properly sanitized and escaped before being used in a SQL statement. This can be exploited by high privilege users, such as admins.

Recommendations For WP RSS By Publishers WordPress plugin version 0.1, consider disabling the plugin until a patch is available to prevent potential SQL injection attacks. Restrict access to high privilege user accounts to minimize the risk of exploitation.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2022-4360

Produtos afetados

Wp Rss By Publishers

PT-2023-14267 · WordPress · Wp Rss By Publishers

CVE-2022-4360

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5