Lucene search

PatchstackCVELIST:CVE-2022-45355

HistoryMar 29, 2023 - 6:35 p.m.

CVE-2022-45355 WordPress WP Pipes Plugin <= 1.33 is vulnerable to SQL Injection (SQLi)

2023-03-2918:35:28

CWE-89

Patchstack

www.cve.org

cve-2022-45355

sql injection

thimpress

wordpress

vulnerability

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L

EPSS

0.001

Percentile

34.1%

JSON

Auth. (admin+) SQL Injection (SQLi) vulnerability in ThimPress WP Pipes plugin <= 1.33 versions.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wp-pipes",
    "product": "WP Pipes",
    "vendor": "ThimPress",
    "versions": [
      {
        "changes": [
          {
            "at": "1.4.0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.33",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wp-pipes/wordpress-wp-pipes-plugin-1-33-auth-sql-injection-sqli-vulnerability?_s_id=cve

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L

EPSS

0.001

Percentile

34.1%

JSON

Related for CVELIST:CVE-2022-45355