History: Mar 14, 2022 - 2:41 p.m.

CVE-2022-0254 Zero Spam < 5.2.11 - Admin+ SQL Injection

2022-03-14 14:41:26
CWE-89
WPScan
www.cve.org

EPSS: 0.002 (Low)
Percentile: 53.0%

The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection.

CNA Affected

[
  {
    "product": "WordPress Zero Spam",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "5.2.11",
        "status": "affected",
        "version": "5.2.11",
        "versionType": "custom"
      }
    ]
  }
]
