CVE-2022-2460

EUVD-2022-34721
The WPDating WordPress plugin before 7.4.0 does not properly escape user input before concatenating it to certain SQL queries, leading to multiple SQL injection vulnerabilities exploitable by unauthenticated users
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
digital_product_labswpdating
𝑥
≤ 7.1.9
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/694b6dfd-2424-41b4-8595-b6c305c390db
https://wpscan.com/vulnerability/694b6dfd-2424-41b4-8595-b6c305c390db