WordPress Plugin Vulnerabilities

Shortcode IMDB <= 6.0.8 - Admin+ SQLi

Description

The plugin does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow high privilege users such as admin to perform SQL Injection attacks

Affects Plugins

Plugin icon
shortcode-imdb
No known fix

References

CVE
CVE-2022-47432

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
4.1 (medium)

Miscellaneous

Original Researcher
minhtuanact
Verified
No
WPVDB ID
c5334e3f-0953-4a0f-8f71-e856c003e622

Timeline

Publicly Published
2023-04-19 (about 2 years ago)
Added
2023-11-17 (about 2 years ago)
Last Updated
2023-11-17 (about 2 years ago)

Other

Published
Title
Published
2024-07-22
Title
ListingPro Plugin <= 2.9.3 - Unauthenticated SQL Injection
Published
2025-01-24
Title
RSVP and Event Management Plugin < 2.7.15 - Authenticated (Administrator+) SQL Injection
Published
2023-01-19
Title
WP TopBar <= 5.36 - Admin+ SQLi
Published
2025-01-16
Title
WordPress Custom Sidebar <= 2.3 - Authenticated (Contributor+) SQL Injection
Published
2025-05-19
Title
AutomatorWP < 5.2.2 - Authenticated (Administrator+) SQL Injection