Vulnerability Description
The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Badgeos | Badgos | < 3.7.1.3 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/8743534f-8ebd-496a-99bc-5052a8bac86aExploitPatchThird Party Advisory
- https://wpscan.com/vulnerability/8743534f-8ebd-496a-99bc-5052a8bac86aExploitPatchThird Party Advisory
FAQ
What is CVE-2022-2958?
CVE-2022-2958 is a vulnerability with a CVSS score of 8.8 (HIGH). The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections
How severe is CVE-2022-2958?
CVE-2022-2958 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2958?
Check the references section above for vendor advisories and patch information. Affected products include: Badgeos Badgos.