CVE-2022-0747
Published 2022-03-21
Priority: P1 · 85 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 15.25% (96.4th percentile)
The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| quantumcloud | infographic_maker | < 4.3.8 | 4.3.8 |
Detection & IOCs (extracted from sources)
sigma

```yaml
title: Infographic Maker iList SQLi - CVE-2022-0747
http_request_method: POST
detection:
  selection_1:
    - 'status_code == 200'
    - 'contains(body, "qcld_upvote_action")'
  selection_2:
    - 'status_code_2 == 200'
    - 'contains(content_type_2, "text/javascript")'
    - 'contains(body_2, "show_ilist_templates")'
  condition: and
```

- Monitor for AJAX requests to 'qcld_upvote_action' action — this is the vulnerable unauthenticated endpoint used to trigger SQL injection via the unsanitized post_id parameter
- Fingerprint vulnerable installations by checking for HTTP 200 response containing 'show_ilist_templates' in a text/javascript content-type response body
- The vulnerability is exploitable by unauthenticated users — no authentication bypass is required; alert on any POST to wp-admin/admin-ajax.php with action=qcld_upvote_action containing SQL metacharacters in post_id
- Vulnerability affects Infographic Maker WordPress plugin versions before 4.3.8 only; patched in 4.3.8
- The nuclei-style template fingerprint check uses a two-step probe: first verifying plugin presence (show_ilist_templates in JS), then confirming SQLi via post_id manipulation — both conditions must be true
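
The alert described in the bullets above, as an added example (not part of the original page or of any vendor's rule). It assumes the request method, URL and form body are available from a WAF or reverse-proxy log, and that a legitimate post_id is always a plain integer, so anything else is flagged instead of matching a list of SQL metacharacters; the function names and sample requests are constructed.

```python
from urllib.parse import urlsplit, parse_qs

AJAX_PATH = "/wp-admin/admin-ajax.php"
ACTION = "qcld_upvote_action"  # AJAX action named in the advisory


def classify(method, url, body=""):
    """Return None for unrelated or benign traffic, else a short alert reason."""
    parts = urlsplit(url)
    # The page's guidance is to alert on POSTs to admin-ajax.php.
    if method.upper() != "POST" or not parts.path.endswith(AJAX_PATH):
        return None
    # Parameters may arrive in the query string or the form body; merge both.
    params = parse_qs(parts.query, keep_blank_values=True)
    for key, values in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(key, []).extend(values)
    if ACTION not in params.get("action", []):
        return None
    # Assumption: a legitimate post_id is a plain ASCII integer.
    # parse_qs has already URL-decoded the values, so %27 is seen as "'".
    bad = [v for v in params.get("post_id", []) if not (v.isascii() and v.isdigit())]
    if bad:
        return "non-numeric post_id: %r" % bad[0]
    return None


def scan(requests):
    """Return (request, reason) pairs for every request that should alert."""
    return [(r, why) for r in requests if (why := classify(*r))]


# Constructed sample requests: (method, URL, form body).
SAMPLE = [
    ("POST", "/wp-admin/admin-ajax.php", "action=qcld_upvote_action&post_id=42"),
    ("POST", "/wp-admin/admin-ajax.php", "action=qcld_upvote_action&post_id=42%27%20--%20"),
    ("POST", "/wp-admin/admin-ajax.php?action=qcld_upvote_action", "post_id=7+AND+1%3D1"),
    ("POST", "/wp-admin/admin-ajax.php", "action=heartbeat&post_id=abc"),
    ("GET", "/wp-admin/admin-ajax.php?action=qcld_upvote_action&post_id=42", ""),
]

if __name__ == "__main__":
    for request, reason in scan(SAMPLE):
        print(request[1], "->", reason)
```

Requests with a numeric post_id to this action still merit monitoring on unpatched sites, as the first bullet says; this check only separates the ones that cannot be legitimate.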
CVSS provenance
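| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | | 9.8 | CRITICAL | |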
GHSA
GHSA-g24q-hmgf-4p5q · ghsa_unreviewed · 2022-03-22
CVE-2022-0747 [CRITICAL] CWE-89
VulnCheck
CVE-2022-0747 [CRITICAL] quantumcloud infographic_maker Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck · 2022 · CVSS 9.8
Affected: quantumcloud infographic_maker
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-30&host_type=src&vulnerability=cve-2022-0747; https://dashboard.shadowserver.org/statistics/hon
No detection rules found.
Nuclei
CVE-2022-0747 [CRITICAL] Infographic Maker iList < 4.3.8 - SQL Injection
nuclei · CVSS 9.8
Infographic Maker iList =6'
- 'status_code_2 == 200'
- 'contains(content_type_2, "text/javascript")'
- 'contains(body_2, "show_ilist_templates")'
condition: and
# digest: 490a00463044022069f36e810a7d75896a2a2ce0513fb9e5f09fcd3f7d6b2ec58b3ceb14ff224745022055ac00911c0d086aeba1929802a1c6913de363175073eb2e12366ae778979816:922c64590222798bb761d5b6d8e72950
Greynoiseio
NoiseLetter October 2025 · blogs_greynoiseio
NoiseLetter November 2025 · blogs_greynoiseio