CVE-2022-2754
CRITICALKetchup Restaurant Reservations < 1.0.0 - Unauthenticated SQL Injection via Reservation Parameters
Title source: llmDescription
The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/e3c6d137-ff6e-432a-a21a-b36dc81f73c5
Scores
CVSS v3
9.8
EPSS
0.3771
EPSS Percentile
98.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
ketchup_restaurant_reservations_project/ketchup_restaurant_reservations
< 1.0.0
Published
Sep 19, 2022
Tracked Since
Feb 18, 2026