What is CVE-2022-0784?

CVE-2022-0784 is a vulnerability in Title Experiments Free, classified under SQL Injection. Published 2022-03-28.

Is CVE-2022-0784 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Title Experiments Free

CVE-2022-0784

The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated S…

Vulnerability class: SQL Injection

EPSS: 0.729 (98.8th percentile) — read the EPSS interpretation.

Affected products

Unknown Title Experiments Free — versions 9.0.1

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/kenzer-templates
cyllective/CVEs
superlink996/chunqiuyunjingbachang

References

wpscan.com/vulnerability/6672b59f-14bc-4a22-9e0b-fcab4e01d97f (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-0784?: CVE-2022-0784 is a vulnerability in Title Experiments Free, classified under SQL Injection. Published 2022-03-28.
Is CVE-2022-0784 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.