PT-2022-19704 · WordPress · Badgeos

Cydave · Published 2022-09-19 · Updated 2022-09-21 · CVE-2022-2958

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
BadgeOS WordPress plugin, versions prior to 3.7.1.3

Description
The BadgeOS WordPress plugin does not sanitise or escape request parameters before concatenating them into SQL statements executed by its AJAX actions. The result is SQL injection. Because the affected actions are reachable by any authenticated user regardless of role (the vector's PR:L), a low-privilege account is sufficient to exploit the issue, with full read and write access to the WordPress database (C:H/I:H/A:H).

Recommendations
Update to BadgeOS 3.7.1.3 or later. The installed version can be confirmed from the plugin header in the WordPress admin or with `wp plugin list`. Where an immediate update is not possible, restrict the plugin's AJAX actions to a trusted capability (for example from a must-use plugin) or deactivate the plugin until it can be updated; treat either measure as a stopgap, not a fix.
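The following is an added illustration of the bug class described above and of the recommended mitigation; it is not BadgeOS code and none of the hook names, table columns or capability choices are taken from the plugin. The first handler shows the vulnerable pattern (a request parameter concatenated into SQL, no authorisation beyond being logged in), the second the hardened form, and the trailing mu-plugin snippet shows how to gate named AJAX actions behind a capability as a temporary workaround until the update is applied.

```php
<?php
// Added example for CVE-2022-2958's bug class. All hook names, action names and
// columns are hypothetical placeholders, not BadgeOS identifiers.

// --- Vulnerable pattern -------------------------------------------------
// Registered on wp_ajax_* only, so any logged-in user can reach it via
// POST /wp-admin/admin-ajax.php with action=example_list_achievements.
add_action( 'wp_ajax_example_list_achievements', 'example_list_achievements_vuln' );
function example_list_achievements_vuln() {
    global $wpdb;
    $type = $_POST['type'];            // attacker-controlled, used raw
    // A value such as  x' UNION SELECT user_login, user_pass, 1 FROM wp_users -- -
    // turns this into a credential-dumping query.
    $rows = $wpdb->get_results(
        "SELECT post_title, post_name, ID FROM {$wpdb->posts} WHERE post_type = '$type'"
    );
    wp_send_json_success( $rows );
}

// --- Hardened pattern ---------------------------------------------------
add_action( 'wp_ajax_example_list_achievements_fixed', 'example_list_achievements_fixed' );
function example_list_achievements_fixed() {
    global $wpdb;

    // 1. CSRF: the page script must send a nonce from wp_create_nonce( 'example_ajax' ).
    check_ajax_referer( 'example_ajax', 'nonce' );

    // 2. Authorisation: "authenticated" is not a privilege; require a capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Input: normalise each parameter to the type the query expects.
    $type = sanitize_key( wp_unslash( $_POST['type'] ?? '' ) );
    $page = max( 1, absint( $_POST['page'] ?? 1 ) );
    $per  = 20;

    // 4. Parameterise: $wpdb->prepare() escapes and quotes %s/%d placeholders.
    //    Caveat: placeholders cover values only. Table or column names and ORDER BY
    //    targets must come from a fixed allow-list, never from the request.
    $rows = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT post_title, post_name, ID FROM {$wpdb->posts}
             WHERE post_type = %s ORDER BY ID DESC LIMIT %d OFFSET %d",
            $type, $per, ( $page - 1 ) * $per
        )
    );
    wp_send_json_success( $rows );
}

// --- Temporary workaround (drop into wp-content/mu-plugins/) ---------------
// Gates the listed AJAX actions behind a capability before the plugin's own
// handler runs. admin_init fires in admin-ajax.php, and wp_send_json_error exits.
add_action( 'admin_init', function () {
    if ( ! wp_doing_ajax() ) {
        return;
    }
    $gated  = array( 'example_list_achievements' );   // replace with the real action names
    $action = isset( $_REQUEST['action'] ) ? sanitize_key( $_REQUEST['action'] ) : '';
    if ( in_array( $action, $gated, true ) && ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
}, 1 );
```

The mu-plugin gate runs at priority 1 so it fires before ordinary plugin code on the same hook; it still depends on knowing the vulnerable action names, which is why it is a stopgap rather than a substitute for updating to 3.7.1.3.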

Weakness Enumeration
SQL injection

Related Identifiers
CVE-2022-2958

Affected Products
Badgeos