Vulnerabilities > Letsrecover Project

DATE CVE VULNERABILITY TITLE RISK
2023-01-02 CVE-2022-4355 Unspecified vulnerability in Letsrecover Project Letsrecover
The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
network
low complexity
letsrecover-project
7.2
2023-01-02 CVE-2022-4356 Unspecified vulnerability in Letsrecover Project Letsrecover
The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
network
low complexity
letsrecover-project
7.2
2023-01-02 CVE-2022-4357 Unspecified vulnerability in Letsrecover Project Letsrecover
The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
network
low complexity
letsrecover-project
critical
9.8