What is CVE-2022-1692?

CVE-2022-1692 is a vulnerability in Cp Image Store With Slideshow, classified under SQL Injection. Published 2022-06-06.

Is CVE-2022-1692 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Cp Image Store With Slideshow

CVE-2022-1692

The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated…

Vulnerability class: SQL Injection

EPSS: 0.739 (98.8th percentile) — read the EPSS interpretation.

Affected products

Unknown Cp Image Store With Slideshow — versions 1.0.68

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

20142995/nuclei-templates

References

wpscan.com/vulnerability/83bae80c-f583-4d89-8282-e6384bbc7571 (x_refsource_MISC)
bulletin.iese.de/post/cp-image-store_1-0-67 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-1692?: CVE-2022-1692 is a vulnerability in Cp Image Store With Slideshow, classified under SQL Injection. Published 2022-06-06.
Is CVE-2022-1692 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.