WordPress Plugin Vulnerabilities

Paytm Payment Gateway < 2.7.7 - Editor+ SQLi

Description

The plugin does not properly sanitise and escape the post parameter before using it in a SQL statement, leading to a SQL injection exploitable by editor and above roles

Affects Plugins

Plugin icon
paytm-payments
Fixed in 2.7.7

References

CVE
CVE-2022-45805

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Aman Rawat
Verified
No
WPVDB ID
949e73a6-fc09-4cce-b9ef-bb3dc28c1040

Timeline

Publicly Published
2023-02-22 (about 3 years ago)
Added
2023-11-14 (about 2 years ago)
Last Updated
2023-11-14 (about 2 years ago)

Other

Published
Title
Published
2015-01-15
Title
Feedweb 2.4.1-3.0.6 - SQL Injection
Published
2014-08-01
Title
GRAND Flash Album Gallery 2.55 - "gid" SQL Injection
Published
2024-02-07
Title
Booking Calendar < 9.9.1 - Unauthenticated SQL Injection
Published
2023-01-13
Title
SiteGround Security < 1.3.1 - Admin+ SQLi
Published
2023-10-30
Title
Information Reel < 10.1 - Authenticated (Subscriber+) SQL Injection via Shortcode