Vulnerability Details CVE-2022-0846
The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users
Exploit prediction scoring system (EPSS) score
EPSS Score 0.504
EPSS Ranking 97.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2022-0846
-
cpe:2.3:a:speakout!_email_petitions_project:speakout!_email_petitions:*