CVE-2022-0846

🗓️ 28 Mar 2022 17:23:28Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 98 Views🌐 WEB

The SpeakOut! Email Petitions WP plugin before 2.14.15.1 is prone to SQL Injection

Reporter	Title	Published	Views	Family All 14
ATTACKERKB	CVE-2022-0846	28 Mar 202218:15	–	attackerkb
Circl	CVE-2022-0846	28 Mar 202222:42	–	circl
CNNVD	WordPress plugin SpeakOut! Email Petitions SQL注入漏洞	28 Mar 202200:00	–	cnnvd
CNVD	WordPress SpeakOut! Email Petitions plugin SQL注入漏洞	30 Mar 202200:00	–	cnvd
Cvelist	CVE-2022-0846 SpeakOut! Email Petitions < 2.14.15.1 - Unauthenticated SQLi	28 Mar 202217:23	–	cvelist
Nuclei	SpeakOut Email Petitions < 2.14.15.1 - SQL Injection	29 Jun 202605:52	–	nuclei
NVD	CVE-2022-0846	28 Mar 202218:15	–	nvd
OSV	CVE-2022-0846	28 Mar 202218:15	–	osv
Patchstack	WordPress SpeakOut! Email Petitions plugin <= 2.14.14 - Unauthenticated SQL Injection (SQLi) vulnerability	7 Mar 202200:00	–	patchstack
Prion	Sql injection	28 Mar 202218:15	–	prion

NVD

Vulners

Node

speakout!_email_petitions_project speakout!_email_petitionsRange<2.14.15.1wordpress

[
  {
    "product": "SpeakOut! Email Petitions",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.14.15.1",
        "status": "affected",
        "version": "2.14.15.1",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/b030296d-688e-44a4-a48a-140375f2c5f4

Parameter	Position	Path	Description	CWE
action	request body	/wp-admin/admin-ajax.php	SQL Injection in dk_speakout_sendmail via unauthenticated AJAX request	CWE-89
id	request body	/wp-admin/admin-ajax.php	SQL Injection in dk_speakout_sendmail via unauthenticated AJAX request	CWE-89
page	path	/wp-admin/admin.php?page=dk_speakout_addnew	Endpoint to create a new email petition (potential prelude to exploitation)	CWE-89

17 Jun 2026 04:21Current

9.9High risk

Vulners AI Score9.9

CVSS 27.5

CVSS 3.19.8

EPSS0.08785