What is CVE-2022-0747?

CVE-2022-0747 is a vulnerability in Infographic Maker – Ilist, classified under SQL Injection. Published 2022-03-21.

Is CVE-2022-0747 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Infographic Maker – Ilist

CVE-2022-0747

The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leadin…

Vulnerability class: SQL Injection

EPSS: 0.849 (99.4th percentile) — read the EPSS interpretation.

Affected products

Unknown Infographic Maker – Ilist — versions 4.3.8

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

References

wpscan.com/vulnerability/a8575322-c2cf-486a-9c37-71a22167aac3 (x_refsource_MISC)
plugins.trac.wordpress.org/changeset/2684336 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2022-0747?: CVE-2022-0747 is a vulnerability in Infographic Maker – Ilist, classified under SQL Injection. Published 2022-03-21.
Is CVE-2022-0747 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.