The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-03-07T08:16:27
Updated: 2024-08-02T23:25:40.197Z
Reserved: 2022-01-24T00:00:00
Link: CVE-2022-0349
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-03-07T09:15:09.143
Modified: 2022-03-11T20:44:24.327
Link: CVE-2022-0349
Redhat
No data.