Lucene search
HistoryJan 02, 2023 - 10:15 p.m.
CVE-2022-4049
cve-2022-4049
nvd
sql injection
wordpress plugin
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.054 Low
EPSS
Percentile
93.2%
The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
Affected configurations
Node
wp_user_projectwp_userRange≤7.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wp_user_project | wp_user | * | cpe:2.3:a:wp_user_project:wp_user:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "WP User",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThanOrEqual": "7.0"
}
],
"defaultStatus": "affected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
cvelist
cvelist
CVE-2022-4049 WP User <= 7.0 - Unauthenticated SQLi
2023-01-02 21:49:14
prion
prion
Sql injection
2023-01-02 22:15:00
nvd
nvd
CVE-2022-4049
2023-01-02 22:15:15
wpexploit
wpexploit
WP User <= 7.0 - Unauthenticated SQLi
2022-12-09 00:00:00
nuclei
nuclei
WP User <= 7.0 - Unauthenticated SQLi
2023-10-17 07:20:28
wpvulndb
wpvulndb
WP User <= 7.0 - Unauthenticated SQLi
2022-12-09 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.054 Low
EPSS
Percentile
93.2%
Related for CVE-2022-4049