What is CVE-2022-4059?

CVE-2022-4059 is a vulnerability in Cryptocurrency Widgets Pack, classified under CWE-89 SQL INJECTION. Published 2023-01-02.

Is CVE-2022-4059 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Cryptocurrency Widgets Pack

CVE-2022-4059

The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

EPSS: 0.566 (98.2th percentile) — read the EPSS interpretation.

Affected products

Unknown Cryptocurrency Widgets Pack — versions 0

Public proof-of-concept exploits

20142995/nuclei-templates
cyllective/CVEs

References

wpscan.com/vulnerability/d94bb664-261a-4f3f-8cc3-a2db8230895d (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2022-4059?: CVE-2022-4059 is a vulnerability in Cryptocurrency Widgets Pack, classified under CWE-89 SQL INJECTION. Published 2023-01-02.
Is CVE-2022-4059 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.