PT-2022-24842 · WordPress · Buddybadges

Daniel Krohmer +1 · Published 2022-12-12 · Updated 2022-12-14 · CVE-2022-3925

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

buddybadges WordPress plugin versions 1.0.0 and earlier

Description

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, which leads to a SQL injection. This can be exploited by high-privilege users.

Recommendations

The buddybadges WordPress plugin, versions 1.0.0 and earlier, does not properly sanitise and escape parameters used in SQL statements, leading to potential SQL injection. Consider updating to a version that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2022-3925

Affected Products

Buddybadges