Description

WordPress Plugin WP RSS By Publishers is prone to multiple SQL injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin WP RSS By Publishers version 0.1 is vulnerable.

Remediation

Disable and remove the plugin until a fix is available

References

https://bulletin.iese.de/post/wp-rss-by-publishers_0-1_1/

https://bulletin.iese.de/post/wp-rss-by-publishers_0-1_2/

https://bulletin.iese.de/post/wp-rss-by-publishers_0-1_3/

https://wordpress.org/plugins/wp-rss-by-publishers/#description

Related Vulnerabilities

WordPress Plugin Brizy-Page Builder Multiple Vulnerabilities (2.4.43)

WordPress Plugin Enhanced Plugin Admin Cross-Site Scripting (1.15)

Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.10)

e107 Other Vulnerability (CVE-2005-4224)

WordPress Plugin OnePress Social Locker Multiple Unspecified Vulnerabilities (4.2.5)

Severity

High

Classification

CVE-2022-4358 CVE-2022-4359 CVE-2022-4360 CWE-89 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update SQL Injection