Vulnerability Details CVE-2022-0836
The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users
Exploit prediction scoring system (EPSS) score
EPSS Score 0.04
EPSS Ranking 88.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2022-0836
-
cpe:2.3:a:semadatacoop:sema_api:*