CVE-2022-1683

The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any authenticated user (and not just Author+ like the original advisory mention) due to the fact that they can execute shortcodes via an AJAX action
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
amtythumb_projectamtythumb
𝑥
≤ 4.2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://bulletin.iese.de/post/amtythumb_4-2-0
https://wpscan.com/vulnerability/359d145b-c365-4e7c-a12e-c26b7b8617ce
https://bulletin.iese.de/post/amtythumb_4-2-0
https://wpscan.com/vulnerability/359d145b-c365-4e7c-a12e-c26b7b8617ce