CVE-2022-22735: Simple Quotation <= 1.3.2 - Subscriber+ SQL injection
First published: Mon Mar 14 2022(Updated: )
The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, allowing any authenticated users, such as subscriber to perform SQL injection attacks
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sedlex Simple Quotation | <=1.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-22735?
CVE-2022-22735 has a medium severity rating due to its potential for SQL injection attacks.
How do I fix CVE-2022-22735?
To fix CVE-2022-22735, update the Simple Quotation plugin to version 1.3.3 or later.
Who is affected by CVE-2022-22735?
Any authenticated user, including subscribers, can potentially exploit CVE-2022-22735 if they have access to the vulnerable plugin.
What are the consequences of CVE-2022-22735?
CVE-2022-22735 can lead to unauthorized SQL injection attacks, potentially exposing sensitive data.
Are there any workarounds for CVE-2022-22735?
Disabling or removing the Simple Quotation plugin can serve as a temporary workaround for CVE-2022-22735.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/sedlex
- canonical/sedlex simple quotation
- version/sedlex simple quotation/1.3.2