CVE-2022-0846
published 2022-03-28CVE-2022-0846: The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the…
PriorityP179critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
8.79%
94.5th percentile
The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| speakout_!_email_petitions_project | speakout_!_email_petitions | < 2.14.15.1 | 2.14.15.1 |
Detection & IOCsextracted from sources · hover to see the quote
- →Target the unauthenticated AJAX action 'dk_speakout_sendmail' with a manipulated 'id' parameter containing SQL injection payloads; no authentication is required to exploit this endpoint. ↗
- ·Vulnerability affects SpeakOut! Email Petitions WordPress plugin versions before 2.14.15.1; ensure patched versions are not flagged. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v734-49qc-6vhm: The SpeakOut! Email Petitions WordPress plugin before 2
ghsa_unreviewed·2022-03-29
CVE-2022-0846 [CRITICAL] CWE-89 GHSA-v734-49qc-6vhm: The SpeakOut! Email Petitions WordPress plugin before 2
The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users
VulnCheck
speakout\!_email_petitions_project speakout\!_email_petitions Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2022·CVSS 9.8
CVE-2022-0846 [CRITICAL] speakout\!_email_petitions_project speakout\!_email_petitions Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
speakout\!_email_petitions_project speakout\!_email_petitions Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users
Affected: speakout\!_email_petitions_project speakout\!_email_petitions
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-30&host_type=src&vulnerability=cve-2022-0846; https://dash
No detection rules found.
Nuclei
SpeakOut Email Petitions < 2.14.15.1 - SQL Injection
nuclei·CVSS 9.8
CVE-2022-0846 [CRITICAL] SpeakOut Email Petitions < 2.14.15.1 - SQL Injection
SpeakOut Email Petitions =6'
- 'status_code == 200'
- 'contains(content_type, "text/html")'
- 'contains(body, "Your signature has been added") || contains(body, "This petition has already been signed using your email address")'
condition: and
# digest: 490a0046304402207433507e5f7b3637a260a6e29686c0ec0ee7f4bbdffa3b9210e94c7f5cc9485c02205d83674028407f99635bacc8e415b4190dba0c1f470625c18b7e9e54c85f2d81:922c64590222798bb761d5b6d8e72950
2022-03-28
Published
Exploited in the wild