Lucene search
HistoryNov 28, 2022 - 2:15 p.m.
CVE-2022-3768
wpsmartcontracts
wordpress plugin
sql injection
role-based exploit
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.062 Low
EPSS
Percentile
93.6%
The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author
Affected configurations
Node
wpsmartcontractswpsmartcontractsRange<1.3.12wordpress
Related
cvelist
cvelist
CVE-2022-3768 WPSmartContracts < 1.3.12 - Author+ SQLi
2022-11-28 13:47:07
wpvulndb
wpvulndb
WPSmartContracts < 1.3.12 - Author+ SQLi
2022-11-07 00:00:00
cve
cve
CVE-2022-3768
2022-11-28 14:15:13
prion
prion
Sql injection
2022-11-28 14:15:00
wpexploit
wpexploit
WPSmartContracts < 1.3.12 - Author+ SQLi
2022-11-07 00:00:00
patchstack
patchstack
cnvd
cnvd
WordPress WPSmartContracts plugin SQL injection vulnerability
2022-11-30 00:00:00
nuclei
nuclei
WordPress WPSmartContracts <1.3.12 - SQL Injection
2022-12-25 21:55:02
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.062 Low
EPSS
Percentile
93.6%
Related for NVD:CVE-2022-3768