exploitDog

GHSA-2prm-6mv4-wfqg

Опубликовано: 02 авг. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection

The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection

Ссылки

EPSS

Процентиль: 98%

0.57136

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2022-1950

CVSS3: 9.8

nvd

больше 3 лет назад

The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection

EPSS

Процентиль: 98%

0.57136

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89