Vulnerabilities > CVE-2022-4049 - Unspecified vulnerability in WP User Project WP User

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

wp-user-project

critical

NVD

Published: 2023-01-02

Updated: 2023-11-07

Summary

The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.

Vulnerable Configurations

Part	Description	Count
Application	Wp_User_Project WP User Project WP User *	1

References

https://wpscan.com/vulnerability/9b0781e2-ad62-4308-bafc-d45b9a2472be