CVE-2022-4355

Name of the Vulnerable Software and Affected Versions LetsRecover WordPress plugin versions prior to 1.2.0

Description The issue is related to a SQL injection that occurs because a parameter is not properly sanitized and escaped before being used in a SQL statement. This can be exploited by high privilege users, such as admins.

Recommendations For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to high privilege users to minimize the risk of exploitation.