CVSS: 9.8 • EPSS: 7% • CPEs: 1 • EXPL: 1

28 Feb 2022 — The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection. • https://plugins.trac.wordpress.org/changeset/2684336 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')