Description
The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Thu, 10 Apr 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2025-04-10T19:14:23.094Z
Reserved: 2022-11-18T13:37:16.335Z
Link: CVE-2022-4059
Updated: 2024-08-03T01:27:54.184Z
Status : Modified
Published: 2023-01-02T22:15:15.950
Modified: 2026-06-17T05:19:52.190
Link: CVE-2022-4059
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')