What is CVE-2022-4447?

CVE-2022-4447 is a vulnerability in Fontsy, classified under CWE-89 SQL INJECTION. Published 2023-01-16.

Is CVE-2022-4447 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Fontsy

CVE-2022-4447

The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

EPSS: 0.570 (98.2th percentile) — read the EPSS interpretation.

Affected products

Unknown Fontsy — versions 0

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/kenzer-templates
cyllective/CVEs

References

wpscan.com/vulnerability/6939c405-ac62-4144-bd86-944d7b89d0ad (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2022-4447?: CVE-2022-4447 is a vulnerability in Fontsy, classified under CWE-89 SQL INJECTION. Published 2023-01-16.
Is CVE-2022-4447 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.