CVE-2022-0827
Bestbooks <= 2.6.3 - Unauthenticated SQLi
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS —EPSS 9.0%KEV nãoPoC —Nuclei simMetasploit —Patch —
Lifecycle
13 Jun 2022Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users
Affected products
Unknown · BestbooksWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →