SQL Injection in Notificationx – Best Fomo, Social Proof, Woocommerce Sales Popup & Notification Bar Plugin With Elementor

CVE-2022-0349

The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection.

Vulnerability class: SQL Injection

EPSS: 0.615 (98.4th percentile)

Affected products

  • Unknown Notificationx – Best Fomo, Social Proof, Woocommerce Sales Popup & Notification Bar Plugin With Elementor — versions 2.3.9

Frequently asked questions

What is CVE-2022-0349?
CVE-2022-0349 is a vulnerability in Notificationx – Best Fomo, Social Proof, Woocommerce Sales Popup & Notification Bar Plugin With Elementor, classified under SQL Injection. Published 2022-03-07.

Is CVE-2022-0349 known to be exploited?
4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.