CVE-2022-4357

Name of the Vulnerable Software and Affected Versions LetsRecover WordPress plugin versions prior to 1.2.0

Description The issue is related to a SQL injection due to improper sanitization and escaping of a parameter used in a SQL statement via an AJAX action. This action is available to unauthenticated users, making it accessible without login credentials. The parameter in question is used in a way that allows an attacker to inject malicious SQL code, potentially leading to data manipulation or extraction.

Recommendations For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action or disabling it until a patch is applied. Avoid using the vulnerable parameter in the affected AJAX endpoint until the issue is resolved.