CVE-2022-4059

The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
Configurations

Configuration 1 (hide)

cpe:2.3:a:blocksera:cryptocurrency_widgets_pack:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:34

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/d94bb664-261a-4f3f-8cc3-a2db8230895d - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/d94bb664-261a-4f3f-8cc3-a2db8230895d - Exploit, Third Party Advisory
Summary
  • (es) El complemento Cryptocurrency Widgets Pack de WordPress anterior a 2.0 no sanitiza ni escapa algunos parámetros antes de usarlo en una declaración SQL a través de una acción AJAX disponible para usuarios no autenticados, lo que lleva a una inyección SQL.

07 Jul 2023, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-01-02 22:15

Updated : 2024-11-21 07:34


NVD link : CVE-2022-4059

Mitre link : CVE-2022-4059

CVE.ORG link : CVE-2022-4059


JSON object : View

Products Affected

blocksera

  • cryptocurrency_widgets_pack
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')