PT-2023-14292 · WordPress · Multimedial Images
Daniel Krohmer +1 · Published 2023-01-02 · Updated 2025-04-11 · CVE-2022-4370
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
multimedial images WordPress plugin versions 1.0b and earlier
Description
The multimedial images WordPress plugin does not properly sanitize and escape a parameter before using it in a SQL statement. This leads to a SQL injection that can be exploited by users with a role as low as Admin.
Recommendations
For multimedial images WordPress plugin versions 1.0b and earlier, update to a version that properly sanitizes and escapes parameters used in SQL statements to prevent SQL injection.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Multimedial Images