cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-4355,https://securityvulnerability.io/vulnerability/CVE-2022-4355,LetsRecover < 1.2.0 - Admin+ SQLi,"The LetsRecover WordPress plugin prior to version 1.2.0 contains a vulnerability due to inadequate sanitization and escaping of user-supplied parameters. This flaw permits high privilege users, such as administrators, to execute arbitrary SQL queries against the database, potentially leading to data exposure or manipulation. Website administrators using this plugin are advised to upgrade to the latest version to mitigate risks associated with this vulnerability.",Wordpress,Letsrecover,7.2,HIGH,0.0010400000028312206,false,,false,false,false,,false,false,2023-01-02T21:49:20.342Z,0
CVE-2022-4356,https://securityvulnerability.io/vulnerability/CVE-2022-4356,LetsRecover < 1.2.0 - Admin+ SQLi,"The LetsRecover plugin for WordPress prior to version 1.2.0 contains a vulnerability where insufficient sanitization and escaping of a parameter in SQL statements can lead to SQL injection. This flaw can be exploited by users with high privileges, such as administrators, potentially allowing unauthorized access to sensitive data or manipulation of the WordPress database.",Wordpress,Letsrecover,7.2,HIGH,0.0010400000028312206,false,,false,false,false,,false,false,2023-01-02T21:49:17.076Z,0
CVE-2022-4357,https://securityvulnerability.io/vulnerability/CVE-2022-4357,LetsRecover < 1.2.0 - Unauthenticated SQLi,"The LetsRecover WordPress plugin, prior to version 1.2.0, is vulnerable to SQL injection due to inadequate sanitization and escaping of a parameter used in an SQL statement through an AJAX action. This flaw permits unauthenticated users to manipulate the SQL query, potentially leading to unauthorized data access or modifications.",Wordpress,Letsrecover,9.8,CRITICAL,0.0016400000313296914,false,,false,false,false,,false,false,2023-01-02T21:49:11.254Z,0