Qe SEO Handyman <= 1.0 - Admin+ SQLi
CVE-2022-4351
7.2HIGH
Summary
The Qe SEO Handyman WordPress plugin versions up to 1.0 contains a flaw that fails to properly sanitize and escape user input before using it in SQL queries. This vulnerability allows high privilege users, such as administrators, to execute arbitrary SQL commands on the database through crafted input. As a result, malicious users can manipulate database queries, potentially leading to data breaches or unauthorized access to sensitive information.
Affected Version(s)
Qe SEO Handyman 0 <= 1.0
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Daniel Krohmer
Kunal Sharma
WPScan