What is CVE-2022-0846?

CVE-2022-0846 is a vulnerability in Speakout! Email Petitions, classified under SQL Injection. Published 2022-03-28.

Is CVE-2022-0846 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Speakout! Email Petitions

CVE-2022-0846

The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthent…

Vulnerability class: SQL Injection

EPSS: 0.745 (98.9th percentile) — read the EPSS interpretation.

Affected products

Unknown Speakout! Email Petitions — versions 2.14.15.1

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
DharmaDoll/Search-Poc-from-CVE
cyllective/CVEs

References

wpscan.com/vulnerability/b030296d-688e-44a4-a48a-140375f2c5f4 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-0846?: CVE-2022-0846 is a vulnerability in Speakout! Email Petitions, classified under SQL Injection. Published 2022-03-28.
Is CVE-2022-0846 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.