CVE-2022-0867
CRITICAL EXPLOITED NUCLEIPricing Table WordPress Plugin < 3.6.1 - Unauthenticated SQL Injection via AJAX Action
Title source: llmExploitation Summary
CVE-2022-0867 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users
Nuclei Templates (1)
WordPress ARPrice <3.6.1 - SQL Injection
CRITICALVERIFIEDby theamanrawat
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/62803aae-9896-410b-9398-3497a838e494
Scores
CVSS v3
9.8
EPSS
0.1134
EPSS Percentile
95.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2023-11-14
CWE
CWE-89
Status
published
Products (1)
reputeinfosystems/pricing_table
< 3.6.1
Published
May 16, 2022
Tracked Since
Feb 18, 2026