CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-4059

The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.825

EPSS Ranking 99.2%

CVSS Severity

CVSS v3 Score 9.8

References

https://wpscan.com/vulnerability/d94bb664-261a-4f3f-8cc3-a2db8230895d
https://wpscan.com/vulnerability/d94bb664-261a-4f3f-8cc3-a2db8230895d

Products affected by CVE-2022-4059

Blocksera » Cryptocurrency Widgets Pack » Version: 1.8.1

cpe:2.3:a:blocksera:cryptocurrency_widgets_pack:1.8.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-4059

Products

Pricing

Contact Us