CVE-2022-1013
Personal Dictionary < 1.3.4 - Unauthenticated SQLi
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS —EPSS 6.6%KEV nãoPoC —Nuclei simMetasploit —Patch —
Lifecycle
09 May 2022Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability.
Affected products
Unknown · Personal DictionaryWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →