BadgeOS < 3.7.1.3 - Subscriber+ SQLi
CVE-2022-2958

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Badgeos
Vendor: CVE Published:; 19 September 2022

What is CVE-2022-2958?

The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections

Affected Version(s)

BadgeOS 3.7.1.3

References

https://wpscan.com/vulnerability/8743534f-8ebd-496a-99bc-...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 19, 2022
Vulnerability Reserved
Aug 23, 2022

Credit

cydave

Wordpress

What is CVE-2022-2958?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit