CVE-2022-0760
published 2022-03-21CVE-2022-0760: The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the…
PriorityP183critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
10.82%
95.3th percentile
The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| quantumcloud | simple_link_directory | < 7.7.2 | 7.7.2 |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect exploitation attempts by monitoring HTTP requests to wp-admin/admin-ajax.php containing the 'qcopd_upvote_action' action parameter with a manipulated 'post_id' value; no authentication is required, so unauthenticated POST requests should be included in scope. ↗
- →Alert on HTTP responses with status code 200 or 500 that contain the string 'vote_status' or 'critical error' in the body alongside 'text/html' content-type — these are the fingerprint conditions used to confirm successful exploitation of this vulnerability.
- →The vulnerability affects Simple Link Directory plugin versions before 7.7.2; any WordPress installation running an older version should be treated as potentially exploitable. ↗
- ·The nuclei-style fingerprint rule requires ALL three conditions to be true simultaneously (status 200/500 AND text/html content-type AND body containing 'vote_status' or 'critical error'); tuning may be needed to reduce false positives from generic WordPress error pages.
- ·The AJAX action is available to both unauthenticated and authenticated users, meaning WAF rules must not restrict detection scope to authenticated sessions only. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-r29c-p472-3p96: The Simple Link Directory WordPress plugin before 7
ghsa_unreviewed·2022-03-22
CVE-2022-0760 [CRITICAL] CWE-89 GHSA-r29c-p472-3p96: The Simple Link Directory WordPress plugin before 7
The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection
VulnCheck
quantumcloud simple_link_directory Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2022·CVSS 9.8
CVE-2022-0760 [CRITICAL] quantumcloud simple_link_directory Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
quantumcloud simple_link_directory Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection
Affected: quantumcloud simple_link_directory
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-10&host_type=src&vulnerability=cve-2022-0760; https://dashboard.shadowserver.org/s
No detection rules found.
Nuclei
WordPress Simple Link Directory <7.7.2 - SQL injection
nuclei·CVSS 9.8
CVE-2022-0760 [CRITICAL] WordPress Simple Link Directory <7.7.2 - SQL injection
WordPress Simple Link Directory =7'
- 'status_code == 200 || status_code == 500'
- 'contains(content_type, "text/html")'
- 'contains(body, "vote_status") || contains(body, "critical error")'
condition: and
# digest: 4a0a0047304502210083820e71aa29eca956a1312e5df2fd6d08e416902afbf9e4d3a1b6ee89a7248002203c939d0dbd09adc967e886942e749d882981a7c8ac6426387ead8ec34167f664:922c64590222798bb761d5b6d8e72950
2022-03-21
Published
Exploited in the wild