CVE-2022-22735 — HIGH (8.8)

Q: How severe is CVE-2022-22735?

CVE-2022-22735 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-22735?

Check the references section above for vendor advisories and patch information. Affected products include: Sedlex Simple Quotation.

Vulnerability Description

The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, allowing any authenticated users, such as subscriber to perform SQL injection attacks

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sedlex	Simple Quotation	<= 1.3.2

Related Weaknesses (CWE)

CWE-89

References

https://wpscan.com/vulnerability/6940a97e-5a75-405c-be74-bedcc3a8ee00ExploitThird Party Advisory
https://wpscan.com/vulnerability/6940a97e-5a75-405c-be74-bedcc3a8ee00ExploitThird Party Advisory

FAQ

What is CVE-2022-22735?

CVE-2022-22735 is a vulnerability with a CVSS score of 8.8 (HIGH). The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, a...

How severe is CVE-2022-22735?

CVE-2022-22735 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-22735?

Check the references section above for vendor advisories and patch information. Affected products include: Sedlex Simple Quotation.