PT-2023-14265 · WordPress · Wp Rss By Publishers
Daniel Krohmer
+1
·
Published
2023-01-02
·
Updated
2023-01-09
·
CVE-2022-4359
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WP RSS By Publishers WordPress plugin version 0.1
Description
The issue is related to a SQL injection that occurs because a parameter is not properly sanitized and escaped before being used in a SQL statement. This can be exploited by high privilege users, such as admins.
Recommendations
For WP RSS By Publishers WordPress plugin version 0.1, consider disabling the plugin until a patch is available to prevent potential SQL injection attacks. Restrict access to the plugin's functionality to minimize the risk of exploitation by high privilege users.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wp Rss By Publishers