The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscriber could exploit this as well
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-01-02T21:49:39.886Z
Updated: 2024-08-03T01:34:50.179Z
Reserved: 2022-12-09T03:21:34.993Z
Link: CVE-2022-4372
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-01-02T22:15:17.927
Modified: 2024-11-21T07:35:09.147
Link: CVE-2022-4372
Redhat
No data.