CVE-2022-1472: Better Find and Replace < 1.3.6 - Admin+ SQLi
First published: Mon Jun 20 2022(Updated: )
The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Codesolz Better Find and Replace | <1.3.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-1472?
CVE-2022-1472 is classified as a medium-severity SQL Injection vulnerability due to improper parameter handling.
How do I fix CVE-2022-1472?
To fix CVE-2022-1472, update the Better Find and Replace WordPress plugin to version 1.3.6 or higher.
What are the consequences of exploiting CVE-2022-1472?
Exploiting CVE-2022-1472 can lead to unauthorized access to the database, allowing the attacker to manipulate or extract sensitive data.
Is CVE-2022-1472 being actively exploited?
While there is no public report of active exploitation for CVE-2022-1472, it remains a serious risk for vulnerable sites.
Which versions of the Better Find and Replace plugin are affected by CVE-2022-1472?
CVE-2022-1472 affects all versions of the Better Find and Replace plugin prior to 1.3.6.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/event
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- agent/source
- vendor/codesolz
- canonical/codesolz better find and replace