CVE-2022-47432
Summary
A critical SQL Injection vulnerability, CVE-2022-47432, has been identified in the PluginPress Shortcode IMDB plugin. This flaw, caused by improper neutralization of special elements in SQL commands, affects versions up to and including 6.0.8.
IFF Assessment
FOE
This vulnerability allows attackers to inject malicious SQL code, which can lead to data theft or unauthorized modification of the database and poses a significant threat to defenders.
Severity
9.8
Critical
Defender Context
Defenders should prioritize patching or updating the PluginPress Shortcode IMDB plugin to the latest secure version to mitigate the risk of SQL injection attacks. Organizations using this plugin must be vigilant for any signs of unauthorized database access or manipulation.