CVE-2022-0867: ARPrice Lite < 3.6.1 - Unauthenticated SQLi
First published: Mon May 16 2022(Updated: )
The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Reputeinfosystems Pricing Table | <3.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-0867?
The severity of CVE-2022-0867 is critical, with a severity value of 9.8.
Which version of the Pricing Table WordPress plugin is affected by CVE-2022-0867?
The Pricing Table WordPress plugin version up to and excluding 3.6.1 is affected by CVE-2022-0867.
What is the vulnerability description of CVE-2022-0867?
CVE-2022-0867 is a vulnerability in the Pricing Table WordPress plugin that allows unauthenticated users to execute malicious SQL statements due to improper data sanitization.
Are there any references for CVE-2022-0867?
Yes, you can find more information about CVE-2022-0867 at the following reference: [https://wpscan.com/vulnerability/62803aae-9896-410b-9398-3497a838e494](https://wpscan.com/vulnerability/62803aae-9896-410b-9398-3497a838e494)
What is the Common Weakness Enumeration (CWE) ID for CVE-2022-0867?
The Common Weakness Enumeration (CWE) ID for CVE-2022-0867 is 89.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/reputeinfosystems
- canonical/reputeinfosystems pricing table