← volver
CVE-2022-0788

WP Fundraising Donation and Crowdfunding Platform < 1.5.0 - Unauthenticated SQLi

EPSS 7.9%CWE-89
Vexday Risk Score
18Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS EPSS 7.9%KEV nãoPoC Nuclei simMetasploit Patch
Ciclo de vida
06 jun 2022Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to an SQL injection exploitable by unauthenticated users
Productos afectados
Unknown · WP Fundraising Donation and Crowdfunding Platform

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wpscan.com/vulnerability/fbc71710-123f-4c61-9796-a6a4fd354828