Vulnerabilities > WP User Merger Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-28 | CVE-2022-3848 | SQL Injection vulnerability in WP User Merger Project WP User Merger The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin | 8.8 |
2022-11-28 | CVE-2022-3849 | Unspecified vulnerability in WP User Merger Project WP User Merger The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin | 8.8 |
2022-11-28 | CVE-2022-3865 | Unspecified vulnerability in WP User Merger Project WP User Merger The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin | 8.8 |