Vulnerabilities > Dwbooster > CP Image Store With Slideshow > High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-08	CVE-2022-1692	SQL Injection vulnerability in Dwbooster CP Image Store With Slideshow The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated users to perform an SQL injection attack network low complexity dwbooster CWE-89	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.