CVE-2022-1692

EUVD-2022-24977
The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated users to perform an SQL injection attack
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
dwboostercp_image_store_with_slideshow
𝑥
< 1.0.68
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://bulletin.iese.de/post/cp-image-store_1-0-67
https://wpscan.com/vulnerability/83bae80c-f583-4d89-8282-e6384bbc7571
https://bulletin.iese.de/post/cp-image-store_1-0-67
https://wpscan.com/vulnerability/83bae80c-f583-4d89-8282-e6384bbc7571