SQL Injection in Users Ultra Membership, Community And Member Profiles With Paypal Integration Plugin
CVE-2022-0769
The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is interpolated into an SQL statement, which is then executed via the rating_vote AJAX action (available to both unauthe…
Vulnerability class: SQL Injection
EPSS: 0.782 (99.0th percentile)
Affected products
- Unknown Users Ultra Membership, Community And Member Profiles With Paypal Integration Plugin — versions 3.1.0
References
- wpscan.com/vulnerability/05eab45d-ebe9-440f-b9c3-73ec40ef1141
Frequently asked questions
- What is CVE-2022-0769?
- CVE-2022-0769 is a vulnerability in Users Ultra Membership, Community And Member Profiles With Paypal Integration Plugin, classified under SQL Injection. Published 2022-04-25.
- Is CVE-2022-0769 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.