Lucene search
GoogleOSV:GHSA-PQ2F-3FG3-RW99HistoryMar 15, 2022 - 12:00 a.m.
SQL Injection in WordPress Zero Spam WordPress plugin
2022-03-1500:00:57
Google
osv.dev
10
0.002 Low
EPSS
Percentile
53.2%
The WordPress Zero Spam WordPress plugin before 5.2.13 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection
References
github.com/Highfivery/zero-spam-for-wordpress
github.com/Highfivery/zero-spam-for-wordpress/commit/49723f696f1e2f2a76ac89375910bb036a4895f3
nvd.nist.gov/vuln/detail/CVE-2022-0254
plugins.trac.wordpress.org/changeset/2660225
plugins.trac.wordpress.org/changeset/2680906
wpscan.com/vulnerability/ae54681f-7b89-408c-b0ee-ba4a520db997
Related
cvelist
cvelist
CVE-2022-0254 Zero Spam < 5.2.11 - Admin+ SQL Injection
2022-03-14 14:41:26
wpvulndb
wpvulndb
Zero Spam < 5.2.11 - Admin+ SQL Injection
2022-02-18 00:00:00
cnvd
cnvd
WordPress Zero Spam plugin SQL injection vulnerability
2022-03-16 00:00:00
github
github
SQL Injection in WordPress Zero Spam WordPress plugin
2022-03-15 00:00:57
wpexploit
wpexploit
Zero Spam < 5.2.11 - Admin+ SQL Injection
2022-02-18 00:00:00
prion
prion
Sql injection
2022-03-14 15:15:00
nvd
nvd
CVE-2022-0254
2022-03-14 15:15:09
cve
cve
CVE-2022-0254
2022-03-14 15:15:09