Web: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0693

April 25, 2022, 4:16 p.m. |

National Vulnerability Database nist.gov

The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL Injection

cve

Field CISO

@ Rubrik | London, United Kingdom

Android-Savvy Reverse Engineer

@ ARSIEM | Laurel, MD

Junior Information Security Analyst

@ IT Concepts Inc. | Washington, District of Columbia, United States

Senior Network Security Engineer

@ UBDS | England, United Kingdom - Remote

Software Engineer, Security Infrastructure

@ Robinhood | US - Remote

Mid-Level Research Cyber Security Engineer (Hybrid options available)

@ Riverside Research | Beavercreek, Ohio

Security Intelligence Manager, Incident Response

@ Atlassian | Sydney, Australia

Security Consultant, Professional Services

@ Amazon.com | Seoul, KOR

Senior Cybersecurity Architect

@ Lucayan Technology Solutions LLC | Tampa, Florida, United States

Application Security Engineer

@ PlayStation Global | United States, San Francisco, CA

Security Engineer I, Offensive Security Penetration Testing

@ Amazon.com | US, TX, Virtual Location - Texas

Cyber Security Engineer

@ GWA Group | Derrimut, Victoria, Australia