CVE-2022-1013

CRITICAL NUCLEI

Ays-pro Personal Dictionary < 1.3.4 - SQL Injection

Title source: rule

Description

The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user-supplied POST data before it is interpolated into an SQL statement and executed, leading to a blind SQL injection vulnerability.

Nuclei Templates (1)

WordPress Personal Dictionary <1.3.4 - Blind SQL Injection
CRITICAL VERIFIED by theamanrawat

Scores

CVSS v3 9.8
EPSS 0.6609
EPSS Percentile 98.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-89
Status published
Products (1)
ays-pro/personal_dictionary < 1.3.4
Published May 09, 2022
Tracked Since Feb 18, 2026