CVE-2023-0278

Name of the Vulnerable Software and Affected Versions GeoDirectory WordPress plugin versions prior to 2.2.24

Description The issue arises from the improper sanitization and escaping of a parameter before its use in a SQL statement, leading to a SQL injection. This can be exploited by high privilege users, such as administrators.

Recommendations For versions prior to 2.2.24, update to version 2.2.24 or later to resolve the issue. As a temporary workaround, consider restricting access to high privilege user accounts to minimize the risk of exploitation.