CVE-2022-4059 Information

Description

The Cryptocurrency Widgets Pack WordPress plugin through 1.8.1 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users leading to a SQL injection.

Reference

https://wpscan.com/vulnerability/d94bb664-261a-4f3f-8cc3-a2db8230895d