CVE-2022-0827
published 2022-06-13

Priority: P178 · critical · 9.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 9.05% (94.6th percentile)
The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users.

Affected (1 range)

Vendor      Product     Version range   Fixed in
presspage   bestbooks   <= 2.6.3        (none listed)

Detection & IOCs (extracted from sources)

version: Bestbooks WordPress plugin <= 2.6.3
sigma
title: WordPress Best Books SQLi
description: HTTP response indicating that an unauthenticated AJAX request against the Bestbooks plugin succeeded in its SQL injection
logsource:
  category: webserver   # field names below are assumed for a web/proxy log source; map them to your own log schema
detection:
  selection:
    status_code: 200
    body|contains: 'Account added successfully'
  condition: selection
  • The SQL injection is exploitable by unauthenticated users via an AJAX action; monitor the WordPress AJAX endpoint (wp-admin/admin-ajax.php) for anomalous or unsanitised parameter values targeting the Bestbooks plugin.
  • A successful exploitation response contains the string 'Account added successfully' with HTTP status 200; use this as a detection signal in web/proxy logs or WAF rules.
  • The Nuclei template digest hash is provided for template integrity verification; confirm the template source before deploying it in production scanning environments.

CVSS provenance

Source      Version   Score   Severity   Vector
nvd         v3.1      9.8     CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd         v2.0      7.5     HIGH       AV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck             9.8     CRITICAL