Unicamp
Monthly
SQL injection in the Unicamp WordPress theme (versions 2.2.2 and earlier) by ThemeMove allows an attacker holding a low-privilege Subscriber account to inject arbitrary SQL into backend database queries. Because the CVSS scope is marked changed with high confidentiality impact, a successful attacker can read data beyond their normal authorization boundary, including other users' records and potentially credentials stored in the WordPress database. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.
SQL injection in the Unicamp WordPress theme (versions 2.2.2 and earlier) by ThemeMove allows an attacker holding a low-privilege Subscriber account to inject arbitrary SQL into backend database queries. Because the CVSS scope is marked changed with high confidentiality impact, a successful attacker can read data beyond their normal authorization boundary, including other users' records and potentially credentials stored in the WordPress database. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.