CVE-2022-4297 in WP AutoComplete Search Plugininformazioni

Riassunto

di MITRE • 03/01/2023

The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Prenotare

06/12/2022

Divulgazione

03/01/2023

Moderazione

accettato

CPE

pronto

Sfruttamento

Scaricare

EPSS

0.03595

KEV

no

Attività

molto basso

Fonti

Want to know what is going to be exploited?

We predict KEV entries!