| |
Vulnerability CVE-2022-2958
Published: 2022-09-19
Description: |
The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections |
Type:
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))
References: |
https://wpscan.com/vulnerability/8743534f-8ebd-496a-99bc-5052a8bac86a
|
|
|
Copyright 2024, cxsecurity.com
|
|
|