CVE-2022-0784
published 2022-03-28

CVE-2022-0784: The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles…

Priority: P180 | critical | 9.8 | CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
ITW | EXPLOIT | VulnCheck KEV
Exploited in the wild
EPSS: 10.35% (95.1th percentile)
The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection.

Affected

1 ranges
Vendor | Product | Version range | Fixed in
title_experiments_free_project | title_experiments_free | < 9.0.1 | 9.0.1

Detection & IOCs (extracted from sources)

other: wpex_titles
  • Target the unauthenticated AJAX action 'wpex_titles' with a manipulated 'id' parameter to detect SQL injection attempts against the Title Experiments Free plugin (< 9.0.1).
  • A successful exploitation response returns HTTP 200 with content-type 'text/html' and a body containing the JSON key '{"images":', which can be used as a detection fingerprint.
  • The vulnerability is exploitable by unauthenticated users, meaning no credentials or session tokens are required to trigger the SQL injection via the AJAX endpoint.
  • Only Title Experiments Free plugin versions before 9.0.1 are affected.

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck | 9.8 | CRITICAL