{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-4099", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2022-11-21T12:56:38.644Z", "datePublished": "2023-01-02T21:49:32.669Z", "dateUpdated": "2024-08-03T01:27:54.387Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2023-01-10T09:08:54.579Z"}, "title": "Joy Of Text Lite < 2.3.1 - Unauthenticated SQLi", "problemTypes": [{"descriptions": [{"description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Joy Of Text Lite", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThan": "2.3.1"}], "defaultStatus": "unaffected", "collectionURL": "https://wordpress.org/plugins"}], "descriptions": [{"lang": "en", "value": "The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly sanitise and escape some parameters before using them in SQL statements accessible to unauthenticated users, leading to unauthenticated SQL injection"}], "references": [{"url": "https://wpscan.com/vulnerability/a282dd39-926d-406b-b8f5-e4c6e0c2c028", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "cydave", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:27:54.387Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/a282dd39-926d-406b-b8f5-e4c6e0c2c028", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:getcloudsms:joy_of_text_lite:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "7F4CB018-61A1-49A4-A94F-736CD1554C7C", "versionEndExcluding": "2.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly sanitise and escape some parameters before using them in SQL statements accessible to unauthenticated users, leading to unauthenticated SQL injection"}, {"lang": "es", "value": "El complemento Joy Of Text Lite de WordPress anterior a 2.3.1 no sanitiza ni escapa adecuadamente algunos par\u00e1metros antes de usarlos en sentencias SQL accesibles para usuarios no autenticados, lo que lleva a una inyecci\u00f3n de SQL no autenticado."}], "id": "CVE-2022-4099", "lastModified": "2024-11-21T07:34:34.890", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-02T22:15:16.010", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/a282dd39-926d-406b-b8f5-e4c6e0c2c028"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/a282dd39-926d-406b-b8f5-e4c6e0c2c028"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified"}

{}