exploitDog

GHSA-xcgc-gw57-wr9f

Опубликовано: 03 янв. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection

The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection

Ссылки

EPSS

Процентиль: 86%

0.02962

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2022-4297

CVSS3: 9.8

nvd

около 3 лет назад

The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection

EPSS

Процентиль: 86%

0.02962

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89