CVE-2022-0434
EUVD-2022-1557507.03.2022, 09:15
The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| a3rev | page_view_count | 𝑥 < 2.4.15 |
𝑥
= Vulnerable software versions