Vulnerability Description
The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin before 1.2.54 does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtngg_delete_leads AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue. There is an attempt to sanitise the input, using sanitize_text_field(), however such function is not intended to prevent SQL injections.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 5 Stars Rating Funnel Project | 5 Stars Rating Funnel | < 1.2.54 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/e7fe8218-4ef5-4ef9-9850-8567c207e8e6ExploitThird Party Advisory
- https://wpscan.com/vulnerability/e7fe8218-4ef5-4ef9-9850-8567c207e8e6ExploitThird Party Advisory
FAQ
What is CVE-2022-0657?
CVE-2022-0657 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin before 1.2.54 does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtngg_delete...
How severe is CVE-2022-0657?
CVE-2022-0657 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-0657?
Check the references section above for vendor advisories and patch information. Affected products include: 5 Stars Rating Funnel Project 5 Stars Rating Funnel.