exploitDog

CVE-2022-0383

Опубликовано: 28 фев. 2022

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

The WP Review Slider WordPress plugin before 11.0 does not sanitise and escape the pid parameter when copying a Twitter source, which could allow a high privilege users to perform SQL Injections attacks

Ссылки

https://plugins.trac.wordpress.org/changeset/2666513
Release Notes
Third Party Advisory
https://wpscan.com/vulnerability/e0402753-3a80-455b-9fab-a7d2a7687193
Exploit
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2666513
Release Notes
Third Party Advisory
https://wpscan.com/vulnerability/e0402753-3a80-455b-9fab-a7d2a7687193
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ljapps:wp_review_slider:*:*:*:*:*:wordpress:*:*

Версия до 11.0 (исключая)

EPSS

Процентиль: 68%

0.00567

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-3244-jfpr-7px4

CVSS3: 7.2

github

почти 4 года назад

The WP Review Slider WordPress plugin before 11.0 does not sanitise and escape the pid parameter when copying a Twitter source, which could allow a high privilege users to perform SQL Injections attacks

EPSS

Процентиль: 68%

0.00567

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89