exploitDog

GHSA-7hvp-684m-pr7g

Опубликовано: 20 сент. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections

The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections

Ссылки

EPSS

Процентиль: 72%

0.00735

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2022-2958

CVSS3: 8.8

nvd

больше 3 лет назад

The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections

EPSS

Процентиль: 72%

0.00735

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-89