Exploitation Summary
CVE-2022-0693 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL Injection
Nuclei Templates (1)
WordPress Master Elements <=8.0 - SQL Injection
CRITICALVERIFIEDby theamanrawat
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/a72bf075-fd4b-4aa5-b4a4-5f62a0620643
Scores
CVSS v3
9.8
EPSS
0.0718
EPSS Percentile
93.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
devbunch/master_elements
< 8.0
Published
Apr 25, 2022
Tracked Since
Feb 18, 2026