CVE-2022-0787

{"id": "CVE-2022-0787", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-03-28T18:15:09.790", "references": [{"url": "https://wpscan.com/vulnerability/69329a8a-2cbe-4f99-a367-b152bd85b3dd", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/69329a8a-2cbe-4f99-a367-b152bd85b3dd", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections"}, {"lang": "es", "value": "El plugin Limit Login Attempts (Spam Protection) de WordPress versiones anteriores a 5.1, no sanea y escapa de algunos par\u00e1metros antes de usarlos en sentencias SQL por medio de acciones AJAX (disponibles para usuarios no autenticados), conllevando a inyecciones SQL"}], "lastModified": "2024-11-21T06:39:23.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:limit_login_attempts_project:limit_login_attempts:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "FD70BCF7-CD80-4665-998C-12BB619BF8EC", "versionEndExcluding": "5.1"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}