Vulnerability Details CVE-2022-4357
The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.9%
CVSS Severity
CVSS v3 Score 9.8
References
- https://bulletin.iese.de/post/letsrecover-woocommerce-abandoned-cart_1-1-0_1
- https://wpscan.com/vulnerability/4d1c0886-11f7-494f-b175-691253f46626
- https://bulletin.iese.de/post/letsrecover-woocommerce-abandoned-cart_1-1-0_1
- https://wpscan.com/vulnerability/4d1c0886-11f7-494f-b175-691253f46626
- https://wpscan.com/vulnerability/4d1c0886-11f7-494f-b175-691253f46626/
Products affected by CVE-2022-4357
-
cpe:2.3:a:letsrecover_project:letsrecover:*