.. / CVE-2022-4059

Exploit for Cryptocurrency Widgets Pack < 2.0 - SQL Injection (CVE-2022-4059)

Description:

The plugin does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

Nuclei Template

View the template here CVE-2022-4059.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-4059.yaml
Copy

References:

https://wpscan.com/vulnerability/d94bb664-261a-4f3f-8cc3-a2db8230895d
https://github.com/cyllective/CVEs
https://nvd.nist.gov/vuln/detail/CVE-2022-4059