Security Advisory

CVE-2022-2958

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-09-19 14:01:05

Last updated 2024-08-03 00:52:59

Assigner WPScan

State PUBLISHED

Description

The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections

← Browse all CVEs View on cve.org ↗