Vulnerability CVE-2022-2840


Published: 2022-09-19

Description:
The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections.

See advisories in our WLB2 database:
| Topic | Author | Date |
|---|---|---|
| Med. Wordpress Plugin Zephyr Project Manager 3.2.42 Multiple SQLi | Rizacan Tufan | 08.10.2022 |
| Med. WordPress Zephyr Project Manager 3.2.42 SQL Injection | Rizacan Tufan | 15.10.2022 |

Type:
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

References:
https://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c

Copyright 2024, cxsecurity.com
