CVE-2022-2559
Fluent Support < 1.5.8 - Admin+ SQLi
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
29 Aug 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Fluent Support WordPress plugin before 1.5.8 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege users
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →