What is CVE-2022-0434?

CVE-2022-0434 is a vulnerability in Page View Count, classified under SQL Injection. Published 2022-03-07.

Is CVE-2022-0434 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Page View Count

CVE-2022-0434

The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthen…

Vulnerability class: SQL Injection

EPSS: 0.879 (99.5th percentile) — read the EPSS interpretation.

Affected products

Unknown Page View Count — versions 2.4.15

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
l0928h/kate

References

wpscan.com/vulnerability/be895016-7365-4ce4-a54f-f36d0ef2d6f1 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-0434?: CVE-2022-0434 is a vulnerability in Page View Count, classified under SQL Injection. Published 2022-03-07.
Is CVE-2022-0434 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.