Vulnerability CVE-2022-4681


Published: 2023-02-06

Description:
The Hide My WP WordPress plugin before 6.2.9 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

See advisories in our WLB2 database:

| | Topic | Author | Date |
|---|---|---|---|
| Med. | WordPress Hide My WP SQL Injection | Xenofon Vassilak... | 11.03.2024 |

Type:
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

References:
https://wpscan.com/vulnerability/5a4096e8-abe4-41c4-b741-c44e740e8689

Copyright 2024, cxsecurity.com

 
