Security Advisory

CVE-2022-4154

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-12-26 12:28:05

Last updated 2025-04-14 14:18:40

Assigner WPScan

State PUBLISHED

Description

The Contest Gallery Pro WordPress plugin before 19.1.5 does not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with at administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive information from the sites database.

← Browse all CVEs View on cve.org ↗