LetsRecover < 1.2.0 - Admin+ SQLi
CVE-2022-4355
7.2HIGH
Summary
The LetsRecover WordPress plugin prior to version 1.2.0 contains a vulnerability due to inadequate sanitization and escaping of user-supplied parameters. This flaw permits high privilege users, such as administrators, to execute arbitrary SQL queries against the database, potentially leading to data exposure or manipulation. Website administrators using this plugin are advised to upgrade to the latest version to mitigate risks associated with this vulnerability.
Affected Version(s)
LetsRecover 0 < 1.2.0
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Daniel Krohmer
Kunal Sharma
WPScan