Lucene search
China National Vulnerability DatabaseCNVD-2022-66593HistoryMar 02, 2022 - 12:00 a.m.
WordPress Testimonial Plugin SQL Injection Vulnerability
2022-03-0200:00:00
China National Vulnerability Database
www.cnvd.org.cn
14
wordpress
testimonial plugin
sql injection
vulnerability
php
sql statements
illegal commands
sensitive data
EPSS
0.001
Percentile
36.7%
WordPress is the Wordpress Foundation’s suite of blogging platforms developed using the PHP language. A SQL injection vulnerability exists in versions of the WordPress Testimonial Plugin prior to 1.4.7. The vulnerability stems from the failure of the Testimonial plugin to validate and escape before using the id parameter in SQL statements when retrieving recommendations to be edited, which could be used by an attacker to exploit the vulnerability to execute illegal SQL commands to steal sensitive database data.
Related
patchstack
patchstack
prion
prion
Sql injection
2022-02-28 09:15:00
cve
cve
CVE-2022-23911
2022-02-28 09:15:09
wpexploit
wpexploit
AP Custom Testimonial < 1.4.8 - Admin+ SQL Injection
2022-01-25 00:00:00
wpvulndb
wpvulndb
AP Custom Testimonial < 1.4.8 - Admin+ SQL Injection
2022-01-25 00:00:00
cvelist
cvelist
CVE-2022-23911 AP Custom Testimonial < 1.4.8 - Admin+ SQL Injection
2022-02-28 09:06:57
nvd
nvd
CVE-2022-23911
2022-02-28 09:15:09