CVE-2022-1182

HIGH

Visual Slide Box Builder < 3.2.9 - Authenticated SQL Injection via AJAX Parameters

Title source: llm
STIX 2.1

Description

The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authenticated users (such as subscriber), leading to SQL Injections

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/01d108bb-d134-4651-9c74-babcc88da177

Scores

CVSS v3 8.8
EPSS 0.0134
EPSS Percentile 68.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
visual_slide_box_builder_project/visual_slide_box_builder < 3.2.9
Published May 16, 2022
Tracked Since Feb 18, 2026