Vulnerability Description
The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions, which are available to any authenticated user (such as a subscriber), leading to SQL injection.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Visual Slide Box Builder Project | Visual Slide Box Builder | <= 3.2.9 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/01d108bb-d134-4651-9c74-babcc88da177 (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-1182?
CVE-2022-1182 is a vulnerability with a CVSS score of 8.8 (HIGH). The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authentica...
How severe is CVE-2022-1182?
CVE-2022-1182 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-1182?
Check the references section above for vendor advisories and patch information. Affected products include: Visual Slide Box Builder Project Visual Slide Box Builder.