CVE-2022-2559

Published Aug 29, 2022

Last updated 6 months ago

Overview

Description: The Fluent Support WordPress plugin before 1.5.8 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege users
Source: contact@wpscan.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.2
Impact score: 5.9
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

contact@wpscan.com: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wpmanageninja:fluent_support:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52F4EDCA-9CDF-405E-B765-F044C495196B",
            "versionEndExcluding": "1.5.8"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.