Vulnerability Description
The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated users to perform an SQL injection attack
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dwbooster | Cp Image Store With Slideshow | < 1.0.68 |
Related Weaknesses (CWE)
References
- https://bulletin.iese.de/post/cp-image-store_1-0-67ExploitThird Party Advisory
- https://wpscan.com/vulnerability/83bae80c-f583-4d89-8282-e6384bbc7571ExploitThird Party Advisory
- https://bulletin.iese.de/post/cp-image-store_1-0-67ExploitThird Party Advisory
- https://wpscan.com/vulnerability/83bae80c-f583-4d89-8282-e6384bbc7571ExploitThird Party Advisory
FAQ
What is CVE-2022-1692?
CVE-2022-1692 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-st...
How severe is CVE-2022-1692?
CVE-2022-1692 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-1692?
Check the references section above for vendor advisories and patch information. Affected products include: Dwbooster Cp Image Store With Slideshow.