PT-2023-14267 · WordPress · Wp Rss By Publishers
Daniel Krohmer
+1
·
Published
2023-01-02
·
Updated
2023-01-09
·
CVE-2022-4360
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WP RSS By Publishers WordPress plugin version 0.1
Description
The issue is related to a SQL injection that occurs because a parameter is not properly sanitized and escaped before being used in a SQL statement. This can be exploited by high privilege users, such as admins.
Recommendations
For WP RSS By Publishers WordPress plugin version 0.1, consider disabling the plugin until a patch is available to prevent potential SQL injection attacks. Restrict access to high privilege user accounts to minimize the risk of exploitation.
Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wp Rss By Publishers