WordPress IP Blacklist Cloud Plugin <= 5.00 is vulnerable to SQL Injection (SQLi) vulnerability
CVE-2022-43462

9.1CRITICAL

Key Information:

Vendor: WordPress
Status: Ip Blacklist Cloud
Vendor: CVE Published:; 17 January 2023

Summary

An authentication SQL injection vulnerability has been identified in the IP Blacklist Cloud plugin, affecting versions up to 5.00. This flaw allows attackers to manipulate SQL queries, potentially gaining unauthorized access to sensitive data within the application's database. Timely updates and security measures are crucial for users of this plugin to prevent exploitation.

Affected Version(s)

IP Blacklist Cloud <= 5.00

References

https://patchstack.com/database/vulnerability/ip-blacklis...

vdb-entry

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 17, 2023
Vulnerability Reserved
Oct 19, 2022

Credit

Mika (Patchstack Alliance)