Unrated severityNVD Advisory· Published Sep 19, 2022· Updated Aug 3, 2024
BadgeOS < 3.7.1.3 - Subscriber+ SQLi
CVE-2022-2958
Description
The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- wpscan.com/vulnerability/8743534f-8ebd-496a-99bc-5052a8bac86amitrex_refsource_MISC
News mentions
0No linked articles in our index yet.