PT-2022-13698 · WordPress · The Visual Slide Box Builder

P7E4

Published

2022-05-16

Updated

2022-05-25

CVE-2022-1182

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions The Visual Slide Box Builder WordPress plugin versions 3.2.9 and earlier

Description The issue concerns the lack of sanitization and escaping of various parameters in SQL statements via certain AJAX actions. These actions are available to any authenticated users, including those with minimal privileges like subscribers. This oversight leads to SQL injections.

Recommendations For The Visual Slide Box Builder WordPress plugin versions 3.2.9 and earlier, update to a version that addresses the SQL injection issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2022-1182

Affected Products

The Visual Slide Box Builder

PT-2022-13698 · WordPress · The Visual Slide Box Builder

CVE-2022-1182

Weakness Enumeration

Related Identifiers

Affected Products

References · 4