PT-2023-7671 · WordPress · Cryptocurrency Widgets Pack

Cydave

·

Published

2023-01-02

·

Updated

2025-04-10

·

CVE-2022-4059

CVSS v2.0

10

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Cryptocurrency Widgets Pack WordPress plugin, versions prior to 2.0
Description: The plugin does not sanitize or escape some request parameters before using them in SQL statements inside an AJAX action handler, and that handler is reachable without authentication. The result is SQL injection: a remote, unauthenticated attacker can execute arbitrary SQL queries against the site database.
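The pattern described above, as an added illustration that is not code from the Cryptocurrency Widgets Pack plugin: a WordPress AJAX handler registered on the `wp_ajax_nopriv_` hook (reachable by visitors who are not logged in) that concatenates request parameters into SQL, next to a hardened version of the same handler. The action name `cwp_fetch_coin`, the table `cwp_coins` and the parameters `coin` and `orderby` are hypothetical placeholders chosen for the example.

```php
<?php
// Added illustration of the vulnerability class, not the plugin's own code.
// 'cwp_fetch_coin', 'cwp_coins', 'coin' and 'orderby' are hypothetical names.

// --- Vulnerable pattern: request parameters concatenated into SQL ---
// Registering both hooks exposes the handler at
// /wp-admin/admin-ajax.php?action=cwp_fetch_coin; the _nopriv_ hook serves
// requests from visitors who are not logged in. Left commented out so that only
// the hardened handler below is actually attached to the action.
// add_action('wp_ajax_nopriv_cwp_fetch_coin', 'cwp_fetch_coin_vulnerable');
// add_action('wp_ajax_cwp_fetch_coin', 'cwp_fetch_coin_vulnerable');
function cwp_fetch_coin_vulnerable() {
    global $wpdb;
    $coin    = isset($_POST['coin'])    ? $_POST['coin']    : '';
    $orderby = isset($_POST['orderby']) ? $_POST['orderby'] : 'symbol';
    // Untrusted input lands in the statement verbatim: a single quote in 'coin'
    // terminates the string literal and the rest of the value is parsed as SQL,
    // and 'orderby' is an identifier position that can never be quoted away.
    $sql = "SELECT symbol, price FROM {$wpdb->prefix}cwp_coins "
         . "WHERE symbol = '$coin' ORDER BY $orderby";
    wp_send_json($wpdb->get_results($sql));
}

// --- Hardened pattern ---
add_action('wp_ajax_nopriv_cwp_fetch_coin', 'cwp_fetch_coin_fixed');
add_action('wp_ajax_cwp_fetch_coin', 'cwp_fetch_coin_fixed');
function cwp_fetch_coin_fixed() {
    global $wpdb;

    // Values: unslash, sanitize, then validate against the shape a ticker can have.
    $coin = isset($_POST['coin']) ? sanitize_text_field(wp_unslash($_POST['coin'])) : '';
    if ($coin === '' || !preg_match('/^[A-Z0-9]{1,10}$/', $coin)) {
        wp_send_json_error(array('message' => 'invalid coin'), 400);
    }

    // Identifiers (the ORDER BY column) cannot be bound with prepare(); they
    // must be chosen from an allow-list, never copied from the request.
    $allowed_order = array('symbol', 'price');
    $orderby = isset($_POST['orderby']) ? sanitize_key(wp_unslash($_POST['orderby'])) : 'symbol';
    if (!in_array($orderby, $allowed_order, true)) {
        $orderby = 'symbol';
    }

    // Values are bound through $wpdb->prepare(), which quotes and escapes %s.
    $sql = $wpdb->prepare(
        "SELECT symbol, price FROM {$wpdb->prefix}cwp_coins WHERE symbol = %s ORDER BY $orderby",
        $coin
    );
    wp_send_json_success($wpdb->get_results($sql));
}
```

Two points worth checking in any plugin review of this kind: every `wp_ajax_nopriv_*` registration is an unauthenticated entry point, so its handler needs the same input handling as a public REST route; and `$wpdb->prepare()` only protects values, so any column, table or sort direction taken from the request still needs an allow-list.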
Recommendations: Update to version 2.0 or later, which resolves the issue. If the update cannot be applied immediately, restrict access to the affected AJAX action (for example, refuse it for requests that are not from an administrator, or deactivate the plugin) as a temporary workaround. Do not rely on the handler to sanitize the parameter, since the missing sanitization is the vulnerability.
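One way to implement the temporary workaround above, as an added example that is not code from the plugin or from WordPress core: a must-use plugin that refuses the affected AJAX action for anyone who is not an administrator until the update is applied. The action name `cwp_fetch_coin` is a hypothetical placeholder; the real name is whatever the installed plugin passes to its `add_action('wp_ajax_nopriv_...')` call.

```php
<?php
/**
 * Plugin Name: Stop-gap for Cryptocurrency Widgets Pack AJAX action
 * Description: Refuse the affected AJAX action for non-administrators until the
 *              plugin has been updated to 2.0 or later.
 *
 * Added illustration, not code shipped by the plugin or by WordPress core.
 * 'cwp_fetch_coin' is a hypothetical action name; replace it with the real one.
 * Install by copying this file into wp-content/mu-plugins/, which WordPress
 * loads before regular plugins and which cannot be deactivated from the dashboard.
 */

add_action('admin_init', 'cwp_block_vulnerable_ajax_action', 0);

function cwp_block_vulnerable_ajax_action() {
    // admin-ajax.php fires admin_init before dispatching wp_ajax_{action} and
    // wp_ajax_nopriv_{action}, so priority 0 here runs ahead of the plugin's handler.
    if (!wp_doing_ajax()) {
        return;
    }

    $blocked = array('cwp_fetch_coin'); // hypothetical action name(s)
    $action  = isset($_REQUEST['action']) ? (string) wp_unslash($_REQUEST['action']) : '';
    if (!in_array($action, $blocked, true)) {
        return;
    }

    // The flaw is exploitable without authentication. Merely requiring a login
    // would still leave it open to any subscriber account, so gate on a
    // capability rather than on is_user_logged_in().
    if (current_user_can('manage_options')) {
        return;
    }

    // Sends a JSON error with HTTP 403 and calls wp_die(), so the plugin's
    // handler never runs for this request.
    wp_send_json_error(array('message' => 'action temporarily disabled'), 403);
}
```

This breaks whatever front-end widget feature the action serves for ordinary visitors, which is the point of a stop-gap; remove the file once version 2.0 or later is installed. If the action name is unknown, grep the plugin directory for `wp_ajax_nopriv_` to find every unauthenticated entry point it registers.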

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2023-08734
CVE-2022-4059

Affected Products

Cryptocurrency Widgets Pack