CVE-2022-0787
published 2022-03-28


Priority: P2 66 · critical · CVSS 3.1 base score 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 8.85% (94.6th percentile)
The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections

Affected (1 range)

Vendor: limit_login_attempts_project · Product: limit_login_attempts · Version range: < 5.1 · Fixed in: 5.1

Detection & IOCs (extracted from sources)

other: iTotalDisplayRecords
  • HTTP response status 200 with Content-Type text/html containing 'iTotalDisplayRecords' in the body may indicate successful exploitation of the SQL injection via AJAX action in Limit Login Attempts (Spam Protection) plugin before 5.1
  • The SQL injection is reachable via AJAX actions available to unauthenticated users — monitor for unexpected AJAX requests to wp-admin/admin-ajax.php from unauthenticated sessions targeting this plugin
  • Vulnerability affects Limit Login Attempts (Spam Protection) plugin versions before 5.1; ensure detection targets only those versions
  • The nuclei-style digest/signature present in the detection template should be validated against the canonical template source before operational deployment

CVSS provenance

nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
cisa · 7.8 HIGH