PT-2023-14292 · WordPress · Multimedial Images

Daniel Krohmer

Publicado

2023-01-02

Atualizado

2025-04-11

CVE-2022-4370

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions multimedial images WordPress plugin versions 1.0b and earlier

Description The issue arises from the multimedial images WordPress plugin not properly sanitizing and escaping a parameter before using it in a SQL statement. This leads to a SQL injection that can be exploited by users with a role as low as Admin.

Recommendations For multimedial images WordPress plugin versions 1.0b and earlier, update to a version that properly sanitizes and escapes parameters used in SQL statements to prevent SQL injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2022-4370

Produtos afetados

Multimedial Images

PT-2023-14292 · WordPress · Multimedial Images

CVE-2022-4370

Identificadores relacionados

Produtos afetados

Referências · 6