CVE-2022-1013

CRITICAL NUCLEI

Personal Dictionary WordPress Plugin < 1.3.4 - Blind SQL Injection via POST Data

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2022-1013 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability.

Nuclei Templates (1)

WordPress Personal Dictionary <1.3.4 - Blind SQL Injection
CRITICALVERIFIEDby theamanrawat

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/eed70659-9e3e-42a2-b427-56c52e0fbc0d

Scores

CVSS v3 9.8
EPSS 0.0663
EPSS Percentile 93.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
ays-pro/personal_dictionary < 1.3.4
Published May 09, 2022
Tracked Since Feb 18, 2026