Vulnérabilité CVE-2022-4230 CVE Vulnerability

The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a settings to allow low privilege users to access it as well. (CVSS:0.0) (Last Update:2023-01-23)

Vulnerability Details : The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a settings to allow low privilege users to access it as well. Publish Date : 2023-01-23 Last Update Date : 2023-01-23 - CVSS Scores & Vulnerability Types CVSS Score 0.0 Confidentiality Impact ??? Integrity Impact ??? Availability Impact ??? Access Complexity ??? Authentication ??? Gained Access None Vulnerability Type(s) Sql Injection CWE ID 89 - Products Affected By CVE-2022-4230 # Product Type Vendor Product Version Update Edition Language No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days. - References For CVE-2022-4230 https://wpscan.com/vulnerability/a0e40cfd-b217-481c-8fc4-027a0a023312

- Metasploit Modules Related To CVE-2022-4230 There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)