CVE-2022-0693

Name of the Vulnerable Software and Affected Versions Master Elements WordPress plugin versions prior to 8.0

Description The issue concerns the Master Elements WordPress plugin, which does not properly validate and escape the meta ids parameter of its remove post meta condition AJAX action. This oversight leads to an unauthenticated SQL Injection, as the parameter is used directly in a SQL statement. The AJAX action is accessible to both unauthenticated and authenticated users.

Recommendations For Master Elements WordPress plugin versions prior to 8.0, update to version 8.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the remove post meta condition AJAX action to minimize the risk of exploitation. Avoid using the meta ids parameter in the affected AJAX endpoint until the issue is resolved.