CVE-2022-3241

Name of the Vulnerable Software and Affected Versions Build App Online WordPress plugin versions prior to 1.0.19

Description The issue arises from the plugin's failure to properly sanitise and escape certain parameters before using them in a SQL statement. This occurs via an AJAX action that is accessible to unauthenticated users, leading to a SQL injection.

Recommendations For versions prior to 1.0.19, update to version 1.0.19 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action to prevent unauthenticated users from exploiting the SQL injection vulnerability.