PT-2022-14041 · WordPress · Amtythumb

Authors: Daniel Krohmer +1

Published: 2022-06-06 · Updated: 2022-06-15 · CVE-2022-1683

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: amtyThumb WordPress plugin, versions through 4.2.0

Description: The issue is related to the amtyThumb WordPress plugin, which does not properly sanitise and escape a parameter before using it in a SQL statement via its shortcode. This leads to an SQL injection that can be exploited by any authenticated user, as they can execute shortcodes via an AJAX action.

Recommendations: For versions through 4.2.0, update to a version that includes the necessary sanitisation and escaping of parameters in SQL statements to prevent SQL injection. As a temporary workaround, consider restricting access to shortcode execution via AJAX actions to prevent exploitation.
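To illustrate the defect class the description names, the following is an added, hypothetical WordPress shortcode handler shown in its vulnerable form beside the corrected one. It is not amtyThumb's own code; the shortcode tag `example_thumbs`, the attribute `cat`, the `render_thumbs` helper and the query itself are assumptions.

```php
<?php
// Hypothetical plugin snippet (not amtyThumb's code) showing the defect class
// from the advisory: a shortcode attribute concatenated into a SQL statement.

// VULNERABLE: the attribute value goes straight into the query string. As the
// advisory notes, authenticated users can reach shortcodes through an AJAX
// action, so $atts['cat'] is attacker-controlled input, not trusted content.
function example_thumbs_vulnerable( $atts ) {
    global $wpdb;
    $atts = shortcode_atts( array( 'cat' => '0' ), $atts, 'example_thumbs' );
    $sql  = "SELECT ID, post_title FROM {$wpdb->posts} p "
          . "JOIN {$wpdb->term_relationships} tr ON tr.object_id = p.ID "
          . "WHERE tr.term_taxonomy_id = " . $atts['cat'] . " LIMIT 10";
    return render_thumbs( $wpdb->get_results( $sql ) );
}

// FIXED: coerce the attribute to the type it must be and bind it through
// $wpdb->prepare(), so the value can never change the statement's structure.
function example_thumbs_fixed( $atts ) {
    global $wpdb;
    $atts = shortcode_atts( array( 'cat' => '0' ), $atts, 'example_thumbs' );
    $cat  = absint( $atts['cat'] );
    $sql  = $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts} p "
        . "JOIN {$wpdb->term_relationships} tr ON tr.object_id = p.ID "
        . "WHERE tr.term_taxonomy_id = %d LIMIT 10",
        $cat
    );
    return render_thumbs( $wpdb->get_results( $sql ) );
}

// Output escaping: query results are escaped before they reach the page, which
// closes the separate output-side gap the advisory's "escape" wording refers to.
function render_thumbs( $rows ) {
    $out = '<ul class="example-thumbs">';
    foreach ( (array) $rows as $row ) {
        $out .= '<li><a href="' . esc_url( get_permalink( $row->ID ) ) . '">'
              . esc_html( $row->post_title ) . '</a></li>';
    }
    return $out . '</ul>';
}

// Only the hardened handler is registered.
add_shortcode( 'example_thumbs', 'example_thumbs_fixed' );
```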

Exploit · Fix · SQL injection


Weakness Enumeration

Related Identifiers: CVE-2022-1683

Affected Products: Amtythumb