exploitDog

GHSA-mv3w-5q88-w6jv

Опубликовано: 29 мар. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections

The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections

Ссылки

EPSS

Процентиль: 98%

0.47252

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2022-0787

CVSS3: 9.8

nvd

почти 4 года назад

The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections

EPSS

Процентиль: 98%

0.47252

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89