CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high-privilege users to perform SQL Injection attacks.

The plugin Better Search Replace for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4. This is due to lack of sanitization of user input in the construction of a database query. This makes it possible for authenticated attackers with administrator-level accounts to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

• https://wpscan.com/vulnerability/229a065e-1062-44d4-818d-29aa3b6b6d41
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')