exploitDog

CVE-2022-0787

Опубликовано: 28 мар. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections

Ссылки

https://wpscan.com/vulnerability/69329a8a-2cbe-4f99-a367-b152bd85b3dd
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/69329a8a-2cbe-4f99-a367-b152bd85b3dd
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:limit_login_attempts_project:limit_login_attempts:*:*:*:*:*:wordpress:*:*

Версия до 5.1 (исключая)

EPSS

Процентиль: 98%

0.47173

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-mv3w-5q88-w6jv

CVSS3: 9.8

github

почти 4 года назад

The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections

EPSS

Процентиль: 98%

0.47173

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89