Vulnerability in Wpsmartcontracts

CVE-2022-3768

The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author.

EPSS: 0.661 (98.5th percentile)

Affected products

  • Unknown Wpsmartcontracts — versions 0

Frequently asked questions

What is CVE-2022-3768?
CVE-2022-3768 is a vulnerability in Wpsmartcontracts, classified under CWE-89 (SQL Injection). Published 2022-11-28.
Is CVE-2022-3768 known to be exploited?
4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.