What is CVE-2022-1013?

CVE-2022-1013 is a vulnerability in Personal Dictionary, classified under SQL Injection. Published 2022-05-09.

Is CVE-2022-1013 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Personal Dictionary

CVE-2022-1013

The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability.

Vulnerability class: SQL Injection

EPSS: 0.661 (98.5th percentile) — read the EPSS interpretation.

Affected products

Unknown Personal Dictionary — versions 1.3.4

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
cyllective/CVEs

References

wpscan.com/vulnerability/eed70659-9e3e-42a2-b427-56c52e0fbc0d (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-1013?: CVE-2022-1013 is a vulnerability in Personal Dictionary, classified under SQL Injection. Published 2022-05-09.
Is CVE-2022-1013 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.