Vulnerabilities > CVE-2022-4358 - Unspecified vulnerability in WP RSS BY Publishers Project WP RSS BY Publishers

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

wp-rss-by-publishers-project

NVD

Published: 2023-01-02

Updated: 2023-11-07

Summary

The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

Vulnerable Configurations

Part	Description	Count
Application	Wp_Rss_By_Publishers_Project WP RSS BY Publishers Project WP RSS BY Publishers *	1

References

https://wpscan.com/vulnerability/0076a3b8-9a25-41c9-bb07-36ffe2c8c37d
https://bulletin.iese.de/post/wp-rss-by-publishers_0-1_3