CVE-2022-0827
Published 2022-06-13
Priority P178 · critical 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW exploit · VulnCheck KEV · Exploited in the wild
EPSS: 9.05% (94.6th percentile)
The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| presspage | bestbooks | <= 2.6.3 | — |
Detection & IOCs (extracted from sources)

sigma

```yaml
title: WordPress Best Books SQLi
detection:
  selection:
    - 'status_code == 200'
    - 'contains(body, "Account added successfully")'
  condition: and
```

- The SQL injection is exploitable by unauthenticated users via an AJAX action: monitor WordPress AJAX endpoints (wp-admin/admin-ajax.php) for anomalous or unsanitized parameter values targeting the Bestbooks plugin.
- A successful exploitation response contains the string 'Account added successfully' with HTTP status 200; use this as a detection signal in web/proxy logs or WAF rules.
- The Nuclei template digest hash is provided for template integrity verification; confirm the template source before deploying in production scanning environments.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 9.8 | CRITICAL | — |
GHSA
GHSA-fw4m-gxhm-8fj4 · ghsa_unreviewed · 2022-06-14 · CVE-2022-0827 [CRITICAL] · CWE-89
The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users
VulnCheck
presspage bestbooks Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck · 2022 · CVSS 9.8 · CVE-2022-0827 [CRITICAL]
The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users
Affected: presspage bestbooks
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-30&host_type=src&vulnerability=cve-2022-0827
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-20&host_type=src&vulnerability=cve-2022-0827
- http
No detection rules found.
Nuclei
WordPress Best Books <=2.6.3 - SQL Injection
nuclei · CVSS 9.8 · CVE-2022-0827 [CRITICAL]

```yaml
# Template fragment as indexed on this page; the request and payload
# definitions that precede the matchers are not reproduced here.
    - 'status_code == 200'
    - 'contains(body, "Account added successfully")'
  condition: and
# digest: 4a0a004730450220116b9c274d2234373dbd3837157461329df0d05d47a63601bd5c79daf9ede04c022100d5c8f2c4f7c3c83da8e1eee248b9a173fd51aa90e13d47e060a31d10bde63234:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.
Timeline: 2022-06-13 Published · Exploited in the wild