What is CVE-2022-4049?

CVE-2022-4049 is a vulnerability in Wp User, classified under CWE-89 SQL INJECTION. Published 2023-01-02.

Is CVE-2022-4049 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Wp User

CVE-2022-4049

The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.

EPSS: 0.666 (98.6th percentile) — read the EPSS interpretation.

Affected products

Unknown Wp User — versions 0

Public proof-of-concept exploits

20142995/nuclei-templates
cyllective/CVEs

References

wpscan.com/vulnerability/9b0781e2-ad62-4308-bafc-d45b9a2472be (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2022-4049?: CVE-2022-4049 is a vulnerability in Wp User, classified under CWE-89 SQL INJECTION. Published 2023-01-02.
Is CVE-2022-4049 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.