CVE-2022-0787

high-risk
Published 2022-03-28

The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections

Do I need to act?

!
47.3% chance of exploitation in next 30 days
EPSS score — higher than 53% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Limit Login Attempts

Affected Vendors

Limit Login Attempts Project

References (2)

Exploit https://wpscan.com/vulnerability/69329a8a-2cbe-4f99-a367-b152bd85b3dd
Exploit https://wpscan.com/vulnerability/69329a8a-2cbe-4f99-a367-b152bd85b3dd
54
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 17/34 · Moderate
Exposure 5/34 · Minimal