CVE-2022-3769

Name of the Vulnerable Software and Affected Versions OWM Weather WordPress plugin versions prior to 5.6.9

Description The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection. This can be exploited by users with a role as low as contributor.

Recommendations For versions prior to 5.6.9, update to version 5.6.9 or later to resolve the issue. As a temporary workaround, consider restricting the contributor role's access to sensitive areas of the WordPress plugin until the update is applied.