PT-2022-13417 · WordPress · Simple Link Directory

Cydave · Published 2022-03-21 · Updated 2022-03-28 · CVE-2022-0760

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: The Simple Link Directory WordPress plugin, versions prior to 7.7.2.

Description: The issue is an unauthenticated SQL injection caused by the lack of validation and escaping of the post id parameter before it is used in SQL statements by the "qcopd upvote action" AJAX action of /wp-admin/admin-ajax.php. This action is accessible to both unauthenticated and authenticated users.

Recommendations: For versions prior to 7.7.2, update to version 7.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "qcopd upvote action" AJAX action until the update is applied.
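As an added detection example (not part of the advisory), the following Python flags requests to admin-ajax.php for the upvote action whose post id is not a plain integer, run over constructed access-log lines; the spellings qcopd_upvote_action and post_id are assumptions reconstructed from the advisory's wording.

```python
"""Flag upvote-action requests whose post id is not a bare integer.

Added example, not part of the advisory. The action and parameter
spellings below are assumptions reconstructed from the advisory text.
"""
import re
from urllib.parse import parse_qs, urlsplit

ACTION_NAME = "qcopd_upvote_action"  # assumed spelling of "qcopd upvote action"
PARAM_NAME = "post_id"               # assumed spelling of "post id parameter"

# Combined log format: client, two dashes, [timestamp], "METHOD target proto", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines: a legitimate upvote, a quote-probing post id, an unrelated action.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Mar/2022:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=qcopd_upvote_action&post_id=42 HTTP/1.1" 200 31',
    '203.0.113.9 - - [21/Mar/2022:10:00:05 +0000] "GET /wp-admin/admin-ajax.php?action=qcopd_upvote_action&post_id=42%27 HTTP/1.1" 200 31',
    '203.0.113.9 - - [21/Mar/2022:10:00:09 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat&post_id=42%27 HTTP/1.1" 200 31',
]


def _params(target: str, body: str) -> dict:
    """Merge query-string and urlencoded body parameters; admin-ajax.php accepts both."""
    merged = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for key, vals in parse_qs(body, keep_blank_values=True).items():
        merged.setdefault(key, []).extend(vals)
    return merged


def suspicious_upvote_request(target: str, body: str = "") -> bool:
    """True for an admin-ajax.php request with the upvote action and a non-integer post id."""
    if not urlsplit(target).path.endswith("/wp-admin/admin-ajax.php"):
        return False
    params = _params(target, body)
    if ACTION_NAME not in params.get("action", []):
        return False
    # parse_qs has already percent-decoded the values; anything but digits is suspect.
    return any(not re.fullmatch(r"\d+", v.strip()) for v in params.get(PARAM_NAME, []))


def scan_log(lines):
    """Return (client ip, request target) for every line that looks like an injection attempt."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and suspicious_upvote_request(m["target"]):
            hits.append((m["ip"], m["target"]))
    return hits


if __name__ == "__main__":
    for ip, target in scan_log(SAMPLE_LOG):
        print(f"suspicious upvote request from {ip}: {target}")
```

The same check can be applied to POST bodies via the body argument, since access logs do not record them.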

Tags: SQL injection


Weakness Enumeration

Related Identifiers: CVE-2022-0760

Affected Products: Simple Link Directory