CVE-2022-2269

Name of the Vulnerable Software and Affected Versions Website File Changes Monitor WordPress plugin versions prior to 1.8.3

Description The issue arises from the plugin's failure to sanitise and escape user input before using it in a SQL statement. This occurs via an action available to users with the manage options capability, which by default includes admins. The lack of proper input sanitisation and escaping leads to an SQL injection.

Recommendations For versions prior to 1.8.3, update to version 1.8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the action that allows user input to be used in SQL statements, or disabling the manage options capability for non-admin users until a patch is applied.