WordPress Plugin Vulnerabilities

Easy Social Icons < 3.1.4 - Admin+ SQL Injection

Description

The plugin does not sanitize the selected_icons attribute to the cnss_widget before using it in an SQL statement, leading to a SQL injection vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
easy-social-icons
Fixed in 3.1.4

References

CVE
CVE-2022-0887

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
qerogram
Submitter
qerogram
Submitter website
https://github.com/qerogram
Verified
Yes
WPVDB ID
a6c1676d-9dcb-45f6-833a-9545bccd0ad6

Timeline

Publicly Published
2022-03-08 (about 3 years ago)
Added
2022-03-08 (about 3 years ago)
Last Updated
2022-04-12 (about 3 years ago)

Other

Published
Title
Published
2024-04-02
Title
LayerSlider 7.9.11 - 7.10.0 - Unauthenticated SQL Injection
Published
2021-05-19
Title
WP Statistics < 13.0.8 - Unauthenticated SQL Injection
Published
2022-10-03
Title
Blog2Social < 6.9.10 - Subscriber+ SQLi
Published
2025-07-10
Title
ProfileGrid < 5.9.5.3 - Authenticated (Subscriber+) SQL Injection
Published
2021-08-24
Title
Podlove Podcast Publisher < 3.5.6 - Unauthenticated SQL Injection