CVE-2022-2754

CRITICAL

Ketchup Restaurant Reservations < 1.0.0 - Unauthenticated SQL Injection via Reservation Parameters

Title source: llm
STIX 2.1

Description

The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/e3c6d137-ff6e-432a-a21a-b36dc81f73c5

Scores

CVSS v3 9.8
EPSS 0.3771
EPSS Percentile 98.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
ketchup_restaurant_reservations_project/ketchup_restaurant_reservations < 1.0.0
Published Sep 19, 2022
Tracked Since Feb 18, 2026