exploitDog

GHSA-4fv4-gh87-p496

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users

The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users

Ссылки

EPSS

Процентиль: 99%

0.86618

Высокий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2022-0867

CVSS3: 9.8

nvd

больше 3 лет назад

The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users

EPSS

Процентиль: 99%

0.86618

Высокий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89