Lucene search
HistoryJan 02, 2023 - 10:15 p.m.
CVE-2022-4059
cryptocurrency widgets pack
wordpress
sql injection
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.024 Low
EPSS
Percentile
90.0%
The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
Affected configurations
Node
blockseracryptocurrency_widgets_packRange≤1.8.1wordpress
Related
cvelist
cvelist
CVE-2022-4059 Cryptocurrency Widgets Pack < 2.0 - Unauthenticated SQLi
2023-01-02 21:49:10
cve
cve
CVE-2022-4059
2023-01-02 22:15:15
nuclei
nuclei
Cryptocurrency Widgets Pack < 2.0 - SQL Injection
2023-10-17 07:20:28
prion
prion
Sql injection
2023-01-02 22:15:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.024 Low
EPSS
Percentile
90.0%
Related for NVD:CVE-2022-4059