CVE-2022-0826
WP Video Gallery <= 1.7.1 - Unauthenticated SQLi
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS —EPSS 9.0%KEV nãoPoC —Nuclei simMetasploit —Patch —
Lifecycle
09 May 2022Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users
Affected products
Unknown · WP Video GalleryWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →