Vulnerability Details CVE-2022-0836
The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users
Exploit prediction scoring system (EPSS) score
EPSS Score 0.033
EPSS Ranking 87.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2022-0836
-
cpe:2.3:a:semadatacoop:sema_api:*