The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to an SQL injection exploitable by unauthenticated users
History

Thu, 05 Dec 2024 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Wpmet fundengine
CPEs cpe:2.3:a:wpmet:wp_fundraising_donation_and_crowdfunding_platform:*:*:*:*:*:wordpress:*:* cpe:2.3:a:wpmet:fundengine:*:*:*:*:*:wordpress:*:*
Vendors & Products Wpmet wp Fundraising Donation And Crowdfunding Platform
Wpmet fundengine

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-06-06T08:50:51

Updated: 2024-08-02T23:40:04.349Z

Reserved: 2022-02-28T00:00:00

Link: CVE-2022-0788

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-06-08T10:15:09.077

Modified: 2024-12-05T17:12:01.060

Link: CVE-2022-0788

cve-icon Redhat

No data.