CVE-2022-1014

CRITICAL

WP Contacts Manager < 2.2.4 - SQL Injection via POST Data

Title source: llm
STIX 2.1

Description

The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/eb9e202d-04aa-4343-86a2-4aa2edaa7f6b

Scores

CVSS v3 9.8
EPSS 0.0157
EPSS Percentile 72.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
labarta/wp_contacts_manager < 2.2.4
Published May 23, 2022
Tracked Since Feb 18, 2026