3 matches found
CVE-2022-4117
creationtimestamp| type| source ---|---|--- 2025-01-26 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-26 2025-01-31 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-31 2025-02-10 00:00:00+00:00| exploited| The Shadowserver...
VulnCheck KEV: CVE-2022-4117
The IWS WordPress plugin through 1.0 does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...
CVE-2022-4117
The CVE-2022-4117 issue affects the WordPress IWS Geo Form Fields plugin (versions up to 1.0). The root cause is improper escaping of a parameter used in a SQL statement within an unauthenticated AJAX action, enabling unauthenticated SQL injection. The Nuclei/template and related sources describe...