CVE-2022-2460

The WPDating WordPress plugin before 7.4.0 does not properly escape user input before concatenating it to certain SQL queries, leading to multiple SQL injection vulnerabilities exploitable by unauthenticated users
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
digital_product_labswpdating
𝑥
≤ 7.1.9
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/694b6dfd-2424-41b4-8595-b6c305c390db
https://wpscan.com/vulnerability/694b6dfd-2424-41b4-8595-b6c305c390db