The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/1d0dd7be-29f3-4043-a9c6-67d02746463a | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-03-07T08:16:27
Updated: 2022-03-07T08:16:27
Reserved: 2022-01-24T00:00:00
Link: CVE-2022-0349
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-07T09:15:09.143
Modified: 2022-03-11T20:44:24.327
Link: CVE-2022-0349
JSON object: View
Redhat Information
No data.
CWE