CVE-2022-0693

CVE-2022-0693: Master Elements <= 8.0 - Unauthenticated SQLi

Vendor Unknown
Product Master Elements
Weakness CWE-89 · SQLi
Published April 25, 2022
Last update August 2, 2024

CVSS base score

What the vulnerability does

01Description

The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL Injection

Key dates

02Disclosure timeline

April 25, 2022 CVE published
August 2, 2024 Record updated