The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, allowing any authenticated users, such as subscriber to perform SQL injection attacks
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-03-14T14:41:54
Updated: 2024-08-03T03:21:48.905Z
Reserved: 2022-01-07T00:00:00
Link: CVE-2022-22735
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-03-14T15:15:11.067
Modified: 2024-11-21T06:47:20.927
Link: CVE-2022-22735
Redhat
No data.