CVE-2022-0784

Name of the Vulnerable Software and Affected Versions The Title Experiments Free WordPress plugin versions prior to 9.0.1

Description The issue concerns an unauthenticated SQL injection. It occurs because the id parameter is not properly sanitised and escaped before being used in a SQL statement via the "wpex titles" AJAX action, which is accessible to unauthenticated users.

Recommendations For versions prior to 9.0.1, update to version 9.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wpex titles" AJAX action to prevent unauthenticated users from exploiting the SQL injection vulnerability.