CVE-2022-3768

🗓️ 28 Nov 2022 13:47:07Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 80 Views🌐 WEB

The WPSmartContracts WordPress plugin before 1.3.12 is vulnerable to SQL injection

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2022-3768	28 Nov 202216:28	–	circl
CNNVD	WordPress plugin WPSmartContracts SQL注入漏洞	28 Nov 202200:00	–	cnnvd
CNVD	WordPress WPSmartContracts plugin SQL Injection Vulnerability	30 Nov 202200:00	–	cnvd
Cvelist	CVE-2022-3768 WPSmartContracts < 1.3.12 - Author+ SQLi	28 Nov 202213:47	–	cvelist
Nuclei	WordPress WPSmartContracts <1.3.12 - SQL Injection	27 Jun 202603:01	–	nuclei
NVD	CVE-2022-3768	28 Nov 202214:15	–	nvd
OSV	CVE-2022-3768	28 Nov 202214:15	–	osv
Patchstack	WordPress WPSmartContracts plugin <= 1.3.11 - Auth. SQL Injection (SQLi) vulnerability	7 Nov 202200:00	–	patchstack
Prion	Sql injection	28 Nov 202214:15	–	prion
Positive Technologies	PT-2022-24039 · WordPress · Wpsmartcontracts	28 Nov 202200:00	–	ptsecurity

NVD

Vulners

Node

wpsmartcontracts wpsmartcontractsRange<1.3.12wordpress

[
  {
    "vendor": "Unknown",
    "product": "WPSmartContracts",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.3.12"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
bulletin	www.bulletin.iese.de/post/wp-smart-contracts_1-3-11/
wpscan	www.wpscan.com/vulnerability/1d8bf5bb-5a17-49b7-a5ba-5f2866e1f8a3

Parameter	Position	Path	Description	CWE
collection_id	query param	/wp-admin/edit.php?post_type=nft&page=nft-batch-mint&step=4&collection_id=1+AND+(SELECT+7741+FROM+(SELECT(SLEEP(4)))hlAf)&uid=1	SQL injection in collection_id parameter allows delayed response via SLEEP payload (low-privilege user).	CWE-89

17 Jun 2026 05:00Current

8.9High risk

Vulners AI Score8.9

CVSS 3.18.8

EPSS0.03663

SSVC

CWE-89