PT-2023-14259 · WordPress · Wp Rss By Publishers
Daniel Krohmer
+1
·
Published
2023-01-02
·
Updated
2025-04-10
·
CVE-2022-4358
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WP RSS By Publishers WordPress plugin version 0.1
Description
The issue is related to a SQL injection that occurs because a parameter is not properly sanitized and escaped before being used in a SQL statement. This can be exploited by high privilege users, such as admins.
Recommendations
For WP RSS By Publishers WordPress plugin version 0.1, consider disabling the plugin until a patch is available to prevent potential SQL injection attacks. Restrict access to high privilege user accounts to minimize the risk of exploitation.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wp Rss By Publishers