Lucene search
HistoryFeb 06, 2023 - 8:15 p.m.
CVE-2022-4681
hide my wp
wordpress
sql injection
ajax action
unauthenticated users
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.007 Low
EPSS
Percentile
80.2%
The Hide My WP WordPress plugin before 6.2.9 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
Affected configurations
Node
wpwavehide_my_wpRange<6.2.9wordpress
Related
prion
prion
Sql injection
2023-02-06 20:15:00
wpexploit
wpexploit
Hide My WP < 6.2.9 - Unauthenticated SQLi
2023-01-11 00:00:00
wpvulndb
wpvulndb
Hide My WP < 6.2.9 - Unauthenticated SQLi
2023-01-11 00:00:00
cve
cve
CVE-2022-4681
2023-02-06 20:15:11
cvelist
cvelist
CVE-2022-4681 Hide My WP < 6.2.9 - Unauthenticated SQLi
2023-02-06 19:59:20
zdt
zdt
WordPress Hide My WP < 6.2.9 - Unauthenticated SQL injection Vulnerability
2024-03-11 00:00:00
packetstorm
packetstorm
WordPress Hide My WP SQL Injection
2024-03-11 00:00:00
exploitdb
exploitdb
Hide My WP < 6.2.9 - Unauthenticated SQLi
2024-03-10 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.007 Low
EPSS
Percentile
80.2%
Related for NVD:CVE-2022-4681