Vulnerability Details CVE-2022-0782
The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.027
EPSS Ranking 85.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2022-0782
- cpe:2.3:a:donations_project:donations:-
- cpe:2.3:a:donations_project:donations:1.0
- cpe:2.3:a:donations_project:donations:1.1
- cpe:2.3:a:donations_project:donations:1.2
- cpe:2.3:a:donations_project:donations:1.3
- cpe:2.3:a:donations_project:donations:1.3.1
- cpe:2.3:a:donations_project:donations:1.4