CVE-2022-0867

CRITICAL EXPLOITED NUCLEI

Reputeinfosystems Pricing Table < 3.6.1 - SQL Injection

Title source: rule

Description

The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users

Nuclei Templates (1)

WordPress ARPrice <3.6.1 - SQL Injection

CRITICALVERIFIEDby theamanrawat

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/62803aae-9896-410b-9398-3497a838e494

Scores

CVSS v3 9.8

EPSS 0.8486

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-11-14

CWE

CWE-89

Status published

Products (1)

reputeinfosystems/pricing_table < 3.6.1

Published May 16, 2022

Tracked Since Feb 18, 2026