SQL Injection in Wp Video Gallery
CVE-2022-0826
The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL injection exploitable by unauthenticated users.
Vulnerability class: SQL Injection
EPSS: 0.798 (99.1th percentile)
Affected products
- Unknown Wp Video Gallery — versions 1.7.1
References
- wpscan.com/vulnerability/7a3eed3b-c643-4e24-b833-eba60ab631c5 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2022-0826?
- CVE-2022-0826 is a vulnerability in Wp Video Gallery, classified under SQL Injection. Published 2022-05-09.
- Is CVE-2022-0826 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.