WordPress Plugin Vulnerabilities

Email posts to subscribers <= 6.2 - Unauthenticated SQLi

Description

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users

Affects Plugins

Plugin icon
email-posts-to-subscribers
No known fix

References

CVE
CVE-2022-46818

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
8.6 (high)

Miscellaneous

Original Researcher
Le Ngoc Anh
Verified
No
WPVDB ID
7fbd7016-1f1f-46fd-ae88-d3a927eb5191

Timeline

Publicly Published
2023-04-18 (about 2 years ago)
Added
2023-11-15 (about 2 years ago)
Last Updated
2023-11-15 (about 2 years ago)

Other

Published
Title
Published
2025-04-17
Title
Super Store Finder < 7.5 - Unauthenticated SQL Injection
Published
2024-08-20
Title
Woo Inquiry <= 0.1 - Unauthenticated SQL Injection
Published
2014-08-01
Title
Paid Business Listings - Blind SQL Injection
Published
2022-11-08
Title
Form Vibes < 1.4.6 - Admin+ SQLi
Published
2025-03-28
Title
Slider by BestWebSoft < 1.1.1 - Authenticated (Administrator+) SQL Injection