WordPress Plugin Vulnerabilities

WP Pipes < 1.4.0 - Admin+ SQLi

Description

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

Affects Plugins

Plugin icon
wp-pipes
Fixed in 1.4.0

References

CVE
CVE-2022-45355

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
a2e9649a-c85e-44ac-857f-fafeb21f2b83

Timeline

Publicly Published
2022-12-20 (about 3 years ago)
Added
2023-03-30 (about 3 years ago)
Last Updated
2023-03-30 (about 3 years ago)

Other

Published
Title
Published
2023-08-11
Title
WooCommerce PDF Invoice Builder < 1.2.90 - Subscriber+ SQLi
Published
2024-11-15
Title
Blogger 301 Redirect <= 2.5.3 - Unauthenticated SQL Injection via br
Published
2014-08-01
Title
Spreadsheet <= 0.6 - SQL Injection
Published
2025-01-16
Title
ResAds <= 2.0.5 - Authenticated (Administrator+) SQL Injection
Published
2024-10-15
Title
Email Verification for WooCommerce < 2.9.0 - Unauthenticated SQL Injection