WordPress Plugin for Google Reviews Plugin <= 2.2.3 is vulnerable to SQL Injection
CVE-2022-44580

9.1CRITICAL

Key Information:

Vendor: WordPress
Status: Plugin For Google Reviews
Vendor: CVE Published:; 15 March 2023

What is CVE-2022-44580?

An SQL Injection vulnerability exists in versions of the RichPlugins Plugin for Google Reviews up to 2.2.3. Attackers can exploit this vulnerability to execute arbitrary SQL commands, potentially compromising the confidentiality and integrity of the database. It’s crucial for users to update their plugins to mitigate any security risks associated with this vulnerability.

Affected Version(s)

Plugin for Google Reviews <= 2.2.3

References

https://patchstack.com/database/vulnerability/widget-goog...

vdb-entry

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 15, 2023
Vulnerability Reserved
Nov 1, 2022

Credit

Rafie Muhammad (Patchstack)