Lucene search

[email protected]NVD:CVE-2022-4268

HistoryDec 26, 2022 - 1:15 p.m.

CVE-2022-4268

2022-12-2613:15:14

[email protected]

web.nvd.nist.gov

plugin logic

wordpress

sql injection

high privilege users

admin

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.3%

JSON

The Plugin Logic WordPress plugin before 1.0.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

Affected configurations

Nvd

Node

plugin_logic_projectplugin_logicRange≤1.0.7wordpress

VendorProductVersionCPE
plugin_logic_projectplugin_logic*cpe:2.3:a:plugin_logic_project:plugin_logic:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
plugin_logic_project	plugin_logic	*	cpe:2.3:a:plugin_logic_project:plugin_logic::::::wordpress::*

References

bulletin.iese.de/post/plugin-logic_1-0-7/

wpscan.com/vulnerability/bde93d90-1178-4d55-aea9-e02c4f8bcaa2

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.3%

JSON

Related for NVD:CVE-2022-4268

wpvulndb1 cvelist1 wpexploit1 cve1 prion1