Unknown Letsrecover vulnerabilities
3 known vulnerabilities affecting unknown/letsrecover.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2
Vulnerabilities
Page 1 of 1
CVE-2022-4357CRITICALCVSS 9.8fixed in 1.2.02023-01-02
CVE-2022-4357 [CRITICAL] CWE-89 CVE-2022-4357: The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo
The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
cvelistv5nvd
CVE-2022-4355HIGHCVSS 7.2fixed in 1.2.02023-01-02
CVE-2022-4355 [HIGH] CWE-89 CVE-2022-4355: The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo
The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
cvelistv5nvd
CVE-2022-4356HIGHCVSS 7.2fixed in 1.2.02023-01-02
CVE-2022-4356 [HIGH] CWE-89 CVE-2022-4356: The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo
The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
cvelistv5nvd