What is CVE-2022-0867?

CVE-2022-0867 is a vulnerability in Pricing Table Plugin, classified under SQL Injection. Published 2022-05-16.

Is CVE-2022-0867 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Pricing Table Plugin

CVE-2022-0867

The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users

Vulnerability class: SQL Injection

EPSS: 0.867 (99.4th percentile) — read the EPSS interpretation.

Affected products

Unknown Pricing Table Plugin — versions 3.6.1

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

20142995/sectool
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
cyllective/CVEs

References

wpscan.com/vulnerability/62803aae-9896-410b-9398-3497a838e494 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-0867?: CVE-2022-0867 is a vulnerability in Pricing Table Plugin, classified under SQL Injection. Published 2022-05-16.
Is CVE-2022-0867 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.