CNVD (China National Vulnerability Database): CNVD-2022-21728
History: Mar 16, 2022 - 12:00 a.m.

WordPress Zero Spam plugin SQL injection vulnerability

2022-03-16 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
5

EPSS: 0.002 (Low)
Percentile: 53.2%

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The WordPress Zero Spam plugin is an open source WordPress plugin. An SQL injection vulnerability exists in versions of the WordPress Zero Spam plugin prior to 5.2.11. The vulnerability stems from the plugin not properly sanitizing and escaping the order and orderby parameters before using them in SQL statements in the administration dashboard, which attackers can exploit to execute illegal SQL commands and steal sensitive database data.
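The usual mitigation for this class of bug is to allow-list the sort column and direction, because SQL identifiers and keywords cannot be bound as prepared-statement parameters. The following is an added example, not the plugin's own code or its actual fix; the column map, the function name and the sample requests are assumptions made for illustration.

```php
<?php
// Added example: hypothetical column names, not taken from the plugin.

// Request value => real column name. Only these can ever reach the SQL text.
const SORTABLE_COLUMNS = [
    'date' => 'date_recorded',
    'ip'   => 'user_ip',
    'type' => 'log_type',
];

/**
 * Build an ORDER BY clause from the order/orderby request parameters
 * without copying any request text into the SQL string.
 */
function build_order_clause(array $request): string
{
    $orderby = $request['orderby'] ?? '';
    $order   = $request['order'] ?? '';

    // The request value is used only as a lookup key into the fixed map;
    // unknown keys and non-string input fall back to the default column.
    $column = (is_string($orderby) && array_key_exists($orderby, SORTABLE_COLUMNS))
        ? SORTABLE_COLUMNS[$orderby]
        : 'date_recorded';

    // Direction is one of two literals; anything else becomes DESC.
    $direction = (is_string($order) && strtoupper($order) === 'ASC') ? 'ASC' : 'DESC';

    return "ORDER BY `{$column}` {$direction}";
}

// Constructed sample requests: a valid one, an unknown column with an
// unexpected direction, and wrongly typed values.
$samples = [
    ['orderby' => 'ip', 'order' => 'asc'],
    ['orderby' => 'not_a_column', 'order' => 'sideways'],
    ['orderby' => ['ip'], 'order' => null],
];

foreach ($samples as $request) {
    echo build_order_clause($request), PHP_EOL;
}
```

Generic string escaping does not help here, because a value placed after ORDER BY is not inside quotes; the lookup is what keeps request data out of the statement.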

CPE
Name | Operator | Version
wordpress zero spam plugin | lt | 5.2.11
