CVE-2022-1013

Name of the Vulnerable Software and Affected Versions The Personal Dictionary WordPress plugin versions prior to 1.3.4

Description The issue arises from the plugin's failure to properly sanitize user-supplied POST data before it is interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability. This allows an attacker to inject malicious SQL code, potentially leading to unauthorized access or data manipulation.

Recommendations For versions prior to 1.3.4, update to version 1.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality until the update is applied.