cbcvebase.
CVE-2022-0747
published 2022-03-21

CVE-2022-0747: The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the…

PriorityP185critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
15.25%
96.4th percentile
The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection

Affected

1 ranges
VendorProductVersion rangeFixed in
quantumcloudinfographic_maker< 4.3.84.3.8

Detection & IOCsextracted from sources · hover to see the quote

sigma
title: Infographic Maker iList SQLi - CVE-2022-0747
http_request_method: POST
detection:
  selection_1:
    - 'status_code == 200'
    - 'contains(body, "qcld_upvote_action")'
  selection_2:
    - 'status_code_2 == 200'
    - 'contains(content_type_2, "text/javascript")'
    - 'contains(body_2, "show_ilist_templates")'
  condition: and
  • Monitor for AJAX requests to 'qcld_upvote_action' action — this is the vulnerable unauthenticated endpoint used to trigger SQL injection via the unsanitized post_id parameter
  • Fingerprint vulnerable installations by checking for HTTP 200 response containing 'show_ilist_templates' in a text/javascript content-type response body
  • The vulnerability is exploitable by unauthenticated users — no authentication bypass is required; alert on any POST to wp-admin/admin-ajax.php with action=qcld_upvote_action containing SQL metacharacters in post_id
  • ·Vulnerability affects Infographic Maker WordPress plugin versions before 4.3.8 only; patched in 4.3.8
  • ·The nuclei-style template fingerprint check uses a two-step probe: first verifying plugin presence (show_ilist_templates in JS), then confirming SQLi via post_id manipulation — both conditions must be true

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.