CVE-2022-0773
published 2022-05-02


Priority: P275
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 42.76% (98.5th percentile)

The Documentor WordPress plugin through 1.5.3 does not sanitize and escape user input before interpolating it into an SQL statement that is then executed, leading to an SQL injection exploitable by unauthenticated users.

Affected (1 range)

Vendor: documentor_project
Product: documentor
Version range: <= 1.5.3
Fixed in: (none listed)

Detection & IOCs (extracted from sources)

yara
  • Probe for vulnerable Documentor plugin by sending two requests: check that the first response body contains '([])' and the second response body contains '.documentor-help', both with HTTP 200 and text/html content-type.
  • The SQL injection is exploitable by unauthenticated users against the Documentor WordPress plugin through version 1.5.3 — no authentication required for exploitation.
  • Target plugin version boundary for detection/blocking: Documentor WordPress plugin through 1.5.3.
  • The fingerprint condition requires two separate HTTP requests/responses (body_1 and body_2), meaning single-request scanners will not correctly identify the vulnerability.
  • The SQL injection stems from unsanitized user input being interpolated directly into SQL statements; any WAF or detection rule must account for unauthenticated POST/GET parameters reaching the plugin's SQL layer.

CVSS provenance

nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P