CVE-2022-4099

The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly sanitise and escape some parameters before using them in SQL statements accessible to unauthenticated users, leading to unauthenticated SQL injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
getcloudsmsjoy_of_text_lite
𝑥
< 2.3.1
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/a282dd39-926d-406b-b8f5-e4c6e0c2c028
https://wpscan.com/vulnerability/a282dd39-926d-406b-b8f5-e4c6e0c2c028