CVE-2022-0836

Name of the Vulnerable Software and Affected Versions SEMA API WordPress plugin versions prior to 4.02

Description The issue arises from the SEMA API WordPress plugin's failure to properly sanitise and escape certain parameters before using them in SQL statements via an AJAX action. This leads to SQL injections that can be exploited by unauthenticated users.

Recommendations For versions prior to 4.02, update to version 4.02 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action until a patch is available. Avoid using vulnerable parameters in SQL statements until the issue is resolved.