
Exploit for Limit Login Attempts (Spam Protection) < 5.1 - SQL Injection (CVE-2022-0787)

Description:

The Limit Login Attempts (Spam Protection) WordPress plugin before version 5.1 does not sanitise or escape some request parameters before using them in SQL statements. The affected statements are reached through AJAX actions that are available to unauthenticated users, so the result is unauthenticated SQL injection.
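The pattern the advisory describes, as an added illustration that is not code from the Limit Login Attempts (Spam Protection) plugin or from the cyllective repository: a WordPress AJAX handler registered on a wp_ajax_nopriv_* hook (reachable by logged-out visitors) that interpolates a request parameter into SQL, beside the same handler written with $wpdb->prepare(). The action names demo_lookup_vulnerable and demo_lookup, the table demo_attempts and the parameter ip are hypothetical; the WordPress functions used (add_action, $wpdb->get_var, $wpdb->prepare, check_ajax_referer, sanitize_text_field, wp_unslash, wp_send_json, wp_send_json_error, wp_send_json_success) are real.

```php
<?php
// Added example, not plugin code. Action names, table name and the "ip"
// parameter are hypothetical; only the vulnerable-vs-prepared pattern matters.

// Vulnerable shape: wp_ajax_nopriv_* hooks fire for unauthenticated requests to
// /wp-admin/admin-ajax.php?action=demo_lookup_vulnerable, and the POST value
// reaches $wpdb->get_var() as part of the statement text.
function demo_lookup_vulnerable() {
    global $wpdb;
    $ip    = isset( $_POST['ip'] ) ? $_POST['ip'] : '';
    $table = $wpdb->prefix . 'demo_attempts';
    // A value such as  ' OR SLEEP(5)-- -  is spliced straight into the query,
    // so the attacker controls the WHERE clause (time-based or boolean SQLi).
    $count = $wpdb->get_var( "SELECT COUNT(*) FROM {$table} WHERE ip = '{$ip}'" );
    wp_send_json( array( 'count' => (int) $count ) ); // wp_send_json() exits
}
add_action( 'wp_ajax_nopriv_demo_lookup_vulnerable', 'demo_lookup_vulnerable' );
add_action( 'wp_ajax_demo_lookup_vulnerable', 'demo_lookup_vulnerable' );

// Hardened shape: the value is bound with $wpdb->prepare() (%s placeholder, so
// quoting/escaping is done by WordPress, not by string concatenation), it is
// validated as an IP address before use, and a nonce is required so the action
// cannot be driven by an arbitrary unauthenticated client.
function demo_lookup_hardened() {
    global $wpdb;
    check_ajax_referer( 'demo_lookup_nonce', 'nonce' ); // dies on a bad nonce

    $ip = isset( $_POST['ip'] ) ? sanitize_text_field( wp_unslash( $_POST['ip'] ) ) : '';
    if ( ! filter_var( $ip, FILTER_VALIDATE_IP ) ) {
        wp_send_json_error( 'invalid ip', 400 ); // exits
    }

    $table = $wpdb->prefix . 'demo_attempts'; // prefix is trusted config, not input
    $count = $wpdb->get_var(
        $wpdb->prepare( "SELECT COUNT(*) FROM {$table} WHERE ip = %s", $ip )
    );
    wp_send_json_success( array( 'count' => (int) $count ) );
}
add_action( 'wp_ajax_nopriv_demo_lookup', 'demo_lookup_hardened' );
add_action( 'wp_ajax_demo_lookup', 'demo_lookup_hardened' );
```

The key point of the fix is the placeholder in $wpdb->prepare(): the table name can be built from $wpdb->prefix because it is configuration, but every request-supplied value must be passed as a prepare() argument rather than interpolated. The nonce and IP validation are defence in depth; they do not replace parameterisation, and a nonce alone would not stop a logged-in low-privilege user from reaching the same query.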

Nuclei Template

Template: CVE-2022-0787.yaml (path http/cves/2022/CVE-2022-0787.yaml in the nuclei-templates repository).

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-0787.yaml

Here $URL is the base URL of the target WordPress site. A template match should be confirmed against the installed plugin version: only versions below 5.1 are affected.

References:

https://wordpress.org/plugins/wp-limit-failed-login-attempts/
https://github.com/cyllective/CVEs
https://nvd.nist.gov/vuln/detail/CVE-2022-0787
https://wpscan.com/vulnerability/69329a8a-2cbe-4f99-a367-b152bd85b3dd