cbcvebase.
CVE-2022-0760
published 2022-03-21

CVE-2022-0760: The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the…

PriorityP183critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
10.82%
95.3th percentile
The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection

Affected

1 ranges
VendorProductVersion rangeFixed in
quantumcloudsimple_link_directory< 7.7.27.7.2

Detection & IOCsextracted from sources · hover to see the quote

otherqcopd_upvote_action
  • Detect exploitation attempts by monitoring HTTP requests to wp-admin/admin-ajax.php containing the 'qcopd_upvote_action' action parameter with a manipulated 'post_id' value; no authentication is required, so unauthenticated POST requests should be included in scope.
  • Alert on HTTP responses with status code 200 or 500 that contain the string 'vote_status' or 'critical error' in the body alongside 'text/html' content-type — these are the fingerprint conditions used to confirm successful exploitation of this vulnerability.
  • The vulnerability affects Simple Link Directory plugin versions before 7.7.2; any WordPress installation running an older version should be treated as potentially exploitable.
  • ·The nuclei-style fingerprint rule requires ALL three conditions to be true simultaneously (status 200/500 AND text/html content-type AND body containing 'vote_status' or 'critical error'); tuning may be needed to reduce false positives from generic WordPress error pages.
  • ·The AJAX action is available to both unauthenticated and authenticated users, meaning WAF rules must not restrict detection scope to authenticated sessions only.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.