CVE-2022-1014

🗓️ 23 May 2022 07:15:23Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 6 Media mentions👁 109 Views🌐 WEB

The WP Contacts Manager WordPress plugin through 2.2.4 SQL injectio

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2022-1014	23 May 202212:35	–	circl
CNNVD	WordPress plugin WP Contacts Manager SQL注入漏洞	23 May 202200:00	–	cnnvd
CNVD	WordPress WP Contacts Manager SQL注入漏洞	24 May 202200:00	–	cnvd
Cvelist	CVE-2022-1014 WP Contacts Manager <= 2.2.4 - Unauthenticated SQLi	23 May 202207:15	–	cvelist
EUVD	EUVD-2022-24364	3 Oct 202520:07	–	euvd
NVD	CVE-2022-1014	23 May 202208:16	–	nvd
Patchstack	WordPress WP Contacts Manager plugin <= 2.2.4 - Unauthenticated SQL Injection (SQLi) vulnerability	2 May 202200:00	–	patchstack
Prion	Sql injection	23 May 202208:16	–	prion
Positive Technologies	PT-2022-13593 · WordPress · Wp Contacts Manager	23 May 202200:00	–	ptsecurity
RedhatCVE	CVE-2022-1014	22 May 202523:29	–	redhatcve

NVD

Vulners

Node

labarta wp_contacts_managerRange≤2.2.4wordpress

[
  {
    "product": "WP Contacts Manager",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "2.2.4",
        "status": "affected",
        "version": "2.2.4",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/eb9e202d-04aa-4343-86a2-4aa2edaa7f6b

Parameter	Position	Path	Description	CWE
id	request body	/wp-admin/admin-ajax.php?action=WP_Contacts_Manager_call&type=get-contact	SQL injection via unsanitized POST data in SQL statement execution	CWE-89

21 Nov 2024 06:39Current

9.9High risk

Vulners AI Score9.9

CVSS 27.5

CVSS 3.19.8

EPSS0.00948

CWE-89