Vulnerabilities > Letsrecover Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-02 | CVE-2022-4355 | Unspecified vulnerability in Letsrecover Project Letsrecover The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | 7.2 |
2023-01-02 | CVE-2022-4356 | Unspecified vulnerability in Letsrecover Project Letsrecover The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | 7.2 |
2023-01-02 | CVE-2022-4357 | Unspecified vulnerability in Letsrecover Project Letsrecover The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | 9.8 |