CVE-2022-4049

The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://wpscan.com/vulnerability/9b0781e2-ad62-4308-bafc-d45b9a2472be	Exploit Third Party Advisory
https://wpscan.com/vulnerability/9b0781e2-ad62-4308-bafc-d45b9a2472be	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wp_user_project:wp_user:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:34

Type	Values Removed	Values Added
References	~~() https://wpscan.com/vulnerability/9b0781e2-ad62-4308-bafc-d45b9a2472be - Exploit, Third Party Advisory~~	() https://wpscan.com/vulnerability/9b0781e2-ad62-4308-bafc-d45b9a2472be - Exploit, Third Party Advisory
Summary		(es) El complemento WP User de WordPress hasta la versión 7.0 no sanitiza ni escapa adecuadamente un parámetro antes de usarlo en una declaración SQL, lo que genera una inyección SQL explotable por usuarios no autenticados.

Information

Published : 2023-01-02 22:15

Updated : 2025-04-10 19:15

NVD link : CVE-2022-4049

Mitre link : CVE-2022-4049

CVE.ORG link : CVE-2022-4049

JSON object : View

Products Affected

wp_user_project

wp_user

CWE

No CWE.

{"id": "CVE-2022-4049", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-01-02T22:15:15.827", "references": [{"url": "https://wpscan.com/vulnerability/9b0781e2-ad62-4308-bafc-d45b9a2472be", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/9b0781e2-ad62-4308-bafc-d45b9a2472be", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "descriptions": [{"lang": "en", "value": "The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users."}, {"lang": "es", "value": "El complemento WP User de WordPress hasta la versi\u00f3n 7.0 no sanitiza ni escapa adecuadamente un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que genera una inyecci\u00f3n SQL explotable por usuarios no autenticados."}], "lastModified": "2025-04-10T19:15:50.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wp_user_project:wp_user:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "0797CABA-1792-4357-8F32-56E3273CD36F", "versionEndIncluding": "7.0"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}