CVE-2022-0254

More information about this CVE will likely be available in a few days.

Description

The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection

Related CPE's

Could not find any relations

References

https://plugins.trac.wordpress.org/changeset/2680906

https://wpscan.com/vulnerability/ae54681f-7b89-408c-b0ee-ba4a520db997

https://plugins.trac.wordpress.org/changeset/2660225

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io