CVE-2022-0254

State: PUBLISHED · Published: 2022-03-14 · Updated: 2024-08-02 · Assigner: WPScan

Description

The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection

CWE

CWE-89 — CWE-89 SQL Injection

Affected

Unknown / WordPress Zero Spam — v=5.2.11 <5.2.11 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/ae54681f-7b89-408c-b0ee-ba4a520db997 x_refsource_MISC
https://plugins.trac.wordpress.org/changeset/2660225 x_refsource_CONFIRM
https://plugins.trac.wordpress.org/changeset/2680906 x_refsource_CONFIRM

Source

cvelistV5-main/cves/2022/0xxx/CVE-2022-0254.json