The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin before 1.2.54 does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtngg_delete_leads AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue. There is an attempt to sanitise the input, using sanitize_text_field(), however such function is not intended to prevent SQL injections.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/e7fe8218-4ef5-4ef9-9850-8567c207e8e6 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-04-25T15:51:04
Updated: 2022-04-25T15:51:04
Reserved: 2022-02-17T00:00:00
Link: CVE-2022-0657
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-04-25T16:16:07.880
Modified: 2022-05-12T14:15:07.490
Link: CVE-2022-0657
JSON object: View
Redhat Information
No data.
CWE