2 results (0.009 seconds)

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Oct 2022 — Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP Blacklist Cloud plugin <= 5.00 versions. The IP Blacklist Cloud plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.00 due to insufficient escaping on a user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers,... • https://patchstack.com/database/vulnerability/ip-blacklist-cloud/wordpress-ip-blacklist-cloud-plugin-5-00-auth-sql-injection-sqli-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Oct 2022 — Auth. Stored Cross-Site Scripting (XSS) vulnerability in Adeel Ahmed's IP Blacklist Cloud plugin <= 5.00 versions. The IP Blacklist Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.00 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administra... • https://patchstack.com/database/vulnerability/ip-blacklist-cloud/wordpress-ip-blacklist-cloud-plugin-5-00-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')