CVE-2022-1950
CRITICAL EXPLOITED NUCLEIYouzify WordPress <1.2.0 - SQL Injection
Title source: llmExploitation Summary
CVE-2022-1950 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection
Nuclei Templates (1)
Youzify < 1.2.0 - Unauthenticated SQLi
CRITICALVERIFIEDby DhiyaneshDK
FOFA:
body="/wp-content/plugins/youzify"
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/4352283f-dd43-4827-b417-0c55d0f4637d
Scores
CVSS v3
9.8
EPSS
0.0411
EPSS Percentile
89.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2023-12-23
CWE
CWE-89
Status
published
Products (1)
kainelabs/youzify
< 1.2.0
Published
Aug 01, 2022
Tracked Since
Feb 18, 2026