Lucene search
HistoryAug 29, 2022 - 6:15 p.m.
CVE-2022-2559
fluent support
wordpress
plugin
sql injection
vulnerability
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
37.9%
The Fluent Support WordPress plugin before 1.5.8 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege users
Affected configurations
Node
wpmanageninjafluent_supportRange<1.5.8
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wpmanageninja | fluent_support | * | cpe:2.3:a:wpmanageninja:fluent_support:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.5.8",
"status": "affected",
"version": "1.5.8",
"versionType": "custom"
}
]
}
]Social References
More
Related
cvelist
cvelist
CVE-2022-2559 Fluent Support < 1.5.8 - Admin+ SQLi
2022-08-29 17:15:36
wpvulndb
wpvulndb
Fluent Support < 1.5.8 - Admin+ SQLi
2022-08-02 00:00:00
wpexploit
wpexploit
Fluent Support < 1.5.8 - Admin+ SQLi
2022-08-02 00:00:00
patchstack
patchstack
prion
prion
Sql injection
2022-08-29 18:15:00
nvd
nvd
CVE-2022-2559
2022-08-29 18:15:09
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
37.9%
Related for CVE-2022-2559