GHSA-pq2f-3fg3-rw99
Suggest an improvement- Source
- https://github.com/advisories/GHSA-pq2f-3fg3-rw99
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-pq2f-3fg3-rw99/GHSA-pq2f-3fg3-rw99.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-pq2f-3fg3-rw99
- Aliases
-
- CVE-2022-0254
- Published
- 2022-03-15T00:00:57Z
- Modified
- 2023-11-08T04:07:30.702484Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- SQL Injection in WordPress Zero Spam WordPress plugin
- Details
-
The WordPress Zero Spam WordPress plugin before 5.2.13 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection
- Database specific
{ "cwe_ids": [ "CWE-89" ], "github_reviewed": true, "github_reviewed_at": "2022-03-29T15:26:17Z", "nvd_published_at": "2022-03-14T15:15:00Z", "severity": "CRITICAL" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-0254
- https://github.com/Highfivery/zero-spam-for-wordpress/commit/49723f696f1e2f2a76ac89375910bb036a4895f3
- https://github.com/Highfivery/zero-spam-for-wordpress
- https://plugins.trac.wordpress.org/changeset/2660225
- https://plugins.trac.wordpress.org/changeset/2680906
- https://wpscan.com/vulnerability/ae54681f-7b89-408c-b0ee-ba4a520db997
Affected packages
Packagist / bmarshall511/wordpress_zero_spam
Package
- Name
- bmarshall511/wordpress_zero_spam
- Purl
- pkg:composer/bmarshall511/wordpress_zero_spam
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.2.13