CVE-2022-3915: Dokan < 3.7.6 - Unauthenticated SQLi
First published: Mon Dec 12 2022(Updated: )
The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wedevs Dokan | <3.7.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-3915?
The severity of CVE-2022-3915 is critical with a score of 9.8.
Which software versions are affected by CVE-2022-3915?
Dokan WordPress plugin versions up to and excluding 3.7.6 are affected by CVE-2022-3915.
What is the vulnerability description of CVE-2022-3915?
CVE-2022-3915 is a SQL injection vulnerability in the Dokan WordPress plugin before 3.7.6, which allows unauthenticated users to exploit it.
How can the SQL injection vulnerability in Dokan WordPress plugin be exploited?
Unauthenticated users can exploit the SQL injection vulnerability in Dokan WordPress plugin by not properly sanitizing and escaping a parameter before using it in a SQL statement.
How do I fix CVE-2022-3915 in the Dokan WordPress plugin?
To fix CVE-2022-3915, update to version 3.7.6 or above of the Dokan WordPress plugin.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/description
- agent/weakness
- agent/event
- agent/first-publish-date
- vendor/wedevs
- canonical/wedevs dokan