Unknown Wp User Merger vulnerabilities
3 known vulnerabilities affecting unknown/wp_user_merger.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3
Vulnerabilities
Page 1 of 1
CVE-2022-3865HIGHCVSS 8.8fixed in 1.5.32022-11-28
CVE-2022-3865 [HIGH] CWE-89 CVE-2022-3865: The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter b
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin
cvelistv5nvd
CVE-2022-3849HIGHCVSS 8.8fixed in 1.5.32022-11-28
CVE-2022-3849 [HIGH] CWE-89 CVE-2022-3849: The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter b
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin
cvelistv5nvd
CVE-2022-3848HIGHCVSS 8.8fixed in 1.5.32022-11-28
CVE-2022-3848 [HIGH] CWE-89 CVE-2022-3848: The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter b
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin
cvelistv5nvd