← back
CVE-2022-1182

Visual Slide Box Builder <= 3.2.9 - Subscriber+ SQLi

EPSS 1.3%CWE-89
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
16 May 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authenticated users (such as subscriber), leading to SQL Injections
Affected products
Unknown · Visual Slide Box Builder

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/01d108bb-d134-4651-9c74-babcc88da177