CVE-2022-1014
WP Contacts Manager <= 2.2.4 - Unauthenticated SQLi
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 1.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
23 may 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability.
Productos afectados
Unknown · WP Contacts Manager¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →