Lucene search
WPScanCVELIST:CVE-2022-3858HistoryDec 05, 2022 - 4:50 p.m.
CVE-2022-3858 Chaty < 3.0.3 - Admin+ SQLi
2022-12-0516:50:40
WPScan
www.cve.org
4
cve-2022-3858
sql injection
wordpress plugin
EPSS
0.001
Percentile
37.9%
The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button WordPress plugin before 3.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin.
CNA Affected
[
{
"vendor": "Unknown",
"product": "Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button",
"collectionURL": "https://wordpress.org/plugins",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "3.0.3"
}
],
"defaultStatus": "unaffected"
}
]Related
openvas
openvas
WordPress Chaty Plugin < 3.0.3 SQLi Vulnerability
2022-12-06 00:00:00
wpvulndb
wpvulndb
Chaty < 3.0.3 - Admin+ SQLi
2022-11-14 00:00:00
nvd
nvd
CVE-2022-3858
2022-12-05 17:15:10
wpexploit
wpexploit
Chaty < 3.0.3 - Admin+ SQLi
2022-11-14 00:00:00
prion
prion
Sql injection
2022-12-05 17:15:00
cve
cve
CVE-2022-3858
2022-12-05 17:15:10