Vulnerability Details CVE-2022-1687
The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.4%
CVSS Severity
CVSS v3 Score 2.7
CVSS v2 Score 4.0
References
Products affected by CVE-2022-1687
-
cpe:2.3:a:logo_slider_project:logo_slider:-
-
cpe:2.3:a:logo_slider_project:logo_slider:1.0
-
cpe:2.3:a:logo_slider_project:logo_slider:1.1
-
cpe:2.3:a:logo_slider_project:logo_slider:1.4.2
-
cpe:2.3:a:logo_slider_project:logo_slider:1.4.4
-
cpe:2.3:a:logo_slider_project:logo_slider:1.4.5
-
cpe:2.3:a:logo_slider_project:logo_slider:1.4.6
-
cpe:2.3:a:logo_slider_project:logo_slider:1.4.7
-
cpe:2.3:a:logo_slider_project:logo_slider:1.4.8