Security Advisory

CVE-2022-0434

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-03-07 08:16:39

Last updated 2024-08-02 23:25:40

Assigner WPScan

State PUBLISHED

Description

The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks

← Browse all CVEs View on cve.org ↗