← back
CVE-2022-0788

WP Fundraising Donation and Crowdfunding Platform < 1.5.0 - Unauthenticated SQLi

EPSS 7.9%CWE-89
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS EPSS 7.9%KEV nãoPoC Nuclei simMetasploit Patch
Lifecycle
06 Jun 2022Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to an SQL injection exploitable by unauthenticated users
Affected products
Unknown · WP Fundraising Donation and Crowdfunding Platform

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/fbc71710-123f-4c61-9796-a6a4fd354828