CVE-2022-3860

The Visual Email Designer for WooCommerce WordPress plugin before 1.7.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://wpscan.com/vulnerability/d99ce21f-fbb6-429c-aa3b-19c4a5eb7557	Exploit Third Party Advisory
https://wpscan.com/vulnerability/d99ce21f-fbb6-429c-aa3b-19c4a5eb7557	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:smackcoders:visual_email_designer_for_woocommerce:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:20

Type	Values Removed	Values Added
References	~~() https://wpscan.com/vulnerability/d99ce21f-fbb6-429c-aa3b-19c4a5eb7557 - Exploit, Third Party Advisory~~	() https://wpscan.com/vulnerability/d99ce21f-fbb6-429c-aa3b-19c4a5eb7557 - Exploit, Third Party Advisory
Summary		(es) El complemento Visual Email Designer for WooCommerce de WordPress anterior a 1.7.2 no sanitiza ni escapa adecuadamente un parámetro antes de usarlo en una declaración SQL, lo que genera una inyección de SQL explotable por usuarios con un rol tan bajo como el de autor.

Information

Published : 2023-01-02 22:15

Updated : 2025-04-10 19:15

NVD link : CVE-2022-3860

Mitre link : CVE-2022-3860

CVE.ORG link : CVE-2022-3860

JSON object : View

Products Affected

smackcoders

visual_email_designer_for_woocommerce

CWE

No CWE.

{"id": "CVE-2022-3860", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-01-02T22:15:15.563", "references": [{"url": "https://wpscan.com/vulnerability/d99ce21f-fbb6-429c-aa3b-19c4a5eb7557", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/d99ce21f-fbb6-429c-aa3b-19c4a5eb7557", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "descriptions": [{"lang": "en", "value": "The Visual Email Designer for WooCommerce WordPress plugin before 1.7.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author."}, {"lang": "es", "value": "El complemento Visual Email Designer for WooCommerce de WordPress anterior a 1.7.2 no sanitiza ni escapa adecuadamente un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que genera una inyecci\u00f3n de SQL explotable por usuarios con un rol tan bajo como el de autor."}], "lastModified": "2025-04-10T19:15:48.953", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:smackcoders:visual_email_designer_for_woocommerce:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "36736951-233F-40DE-A6DD-4AD17A0B4057", "versionEndExcluding": "1.7.2"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}

8.8 /10