SQL Injection in Photo Gallery By 10web – Mobile-friendly Image

CVE-2022-0169

The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and auth…

Vulnerability class: SQL Injection

EPSS: 0.822 (99.2th percentile)

Affected products

  • Unknown Photo Gallery By 10web – Mobile-friendly Image — versions 1.6.0

Frequently asked questions

What is CVE-2022-0169?
CVE-2022-0169 is a vulnerability in Photo Gallery By 10web – Mobile-friendly Image, classified under SQL Injection. Published 2022-03-14.

Is CVE-2022-0169 known to be exploited?
6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.