Web Vulnerability Report
ID | CVE-2022-3849 |
CVSS 3.0 | 8.8 |
Cloudbric Score
?
|
High |
Cloudbric Detection | Yes |
Vulnerability Type | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
Published Date | 2022-11-28 |
Updated Date | 2023-02-03 |
Vendor | ~1.5.3 |
Description | The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin |
Reference | https://wpscan.com/vulnerability/511327d3-499b-4ad9-8fd3-99f9f7deb4f5 |
URL Link | https://nvd.nist.gov/vuln/detail/CVE-2022-3849 |
This vulnerability has been detected by Cloudbric!
Block NOW!
ID | Description | Vulnerability Type |
Cloudbric Score
?
|
Updated Date | Detection |
---|
To receive weekly updates on new vulnerabilities added to Threat Index
Subscribe Now