CVE-2022-0787
Limit Login Attempts (Spam Protection) < 5.1 - Unauthenticated SQLi
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS —EPSS 8.9%KEV nãoPoC —Nuclei simMetasploit —Patch —
Lifecycle
28 Mar 2022Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections
Affected products
Unknown · Limit Login Attempts (Spam Protection)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →