Exploitation Summary
CVE-2022-0773 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users.
Nuclei Templates (1)
Documentor <= 1.5.3 - Unauthenticated SQL Injection
CRITICALVERIFIEDby theamanrawat
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/55b89de0-30ed-4f98-935e-51f069faf6fc
Scores
CVSS v3
9.8
EPSS
0.4223
EPSS Percentile
98.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
documentor_project/documentor
< 1.5.3
Published
May 02, 2022
Tracked Since
Feb 18, 2026