SQL Injection in Pricing Deals For Woocommerce
CVE-2022-1057
The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated S…
Vulnerability class: SQL Injection
EPSS: 0.648 (98.5th percentile)
Affected products
- Unknown Pricing Deals For Woocommerce — versions 2.0.2.02
References
- wpscan.com/vulnerability/7c33ffc3-84d1-4a0f-a837-794cdc3ad243
Frequently asked questions
- What is CVE-2022-1057?
- CVE-2022-1057 is a vulnerability in Pricing Deals For Woocommerce, classified under SQL Injection. Published 2022-07-11.
- Is CVE-2022-1057 known to be exploited?
- 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.