CVE-2022-3254

Name of the Vulnerable Software and Affected Versions WordPress Classifieds Plugin versions prior to 4.3

Description The issue arises from the improper sanitization and escaping of certain parameters before they are used in a SQL statement. This occurs via an AJAX action that is accessible to unauthenticated users, provided a specific premium module is active, leading to a SQL injection.

Recommendations For versions prior to 4.3, update to version 4.3 or later to resolve the issue. As a temporary workaround, consider disabling the specific premium module that triggers the vulnerability until a patch is available. Restrict access to the AJAX action to minimize the risk of exploitation.