CVE-2022-0867
Published: 2022-05-16
Priority: P182 · critical 9.8 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 12.46% (95.7th percentile)
The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| reputeinfosystems | pricing_table | < 3.6.1 | 3.6.1 |
Detection & IOCs (extracted from sources)
Sigma rule (converted from the Nuclei matchers; the source's bare `condition: and` is not valid Sigma syntax, so the condition is written out as the three selections ANDed together):

```yaml
title: WordPress ARPrice SQLi
detection:
  selection_1:
    status_code_1: 200
  selection_2:
    content_type_1|contains: 'text/html'
  selection_3:
    body_2|contains: 'ArpPriceTable'
  condition: selection_1 and selection_2 and selection_3
```

- Unauthenticated AJAX action exploitation: monitor for POST requests to the WordPress AJAX endpoint (wp-admin/admin-ajax.php) from unauthenticated users targeting the Pricing Table (ARPrice) plugin, particularly payloads containing SQL metacharacters in POST data.
- Fingerprint vulnerable installations by checking the HTTP response body for the string 'ArpPriceTable', which indicates the ARPrice plugin is active and potentially exploitable.
- The Sigma/Nuclei-style rule digest provided in the source may be used to verify rule integrity; the digest value should be validated before deploying the rule in production.
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | | 9.8 | CRITICAL | |
GHSA
GHSA-4fv4-gh87-p496 (ghsa, unreviewed, 2022-05-17): CVE-2022-0867 [CRITICAL] CWE-89
The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users.
VulnCheck
CVE-2022-0867 [CRITICAL] reputeinfosystems pricing_table: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (vulncheck, 2022, CVSS 9.8)
The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users.
Affected: reputeinfosystems pricing_table
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-14&host_type=src&vulnerability=cve-2022-0867; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-30&h
No detection rules found.
Nuclei
CVE-2022-0867 [CRITICAL] WordPress ARPrice <3.6.1 - SQL Injection (nuclei, CVSS 9.8)
Matcher section of the Nuclei template as preserved in the source; the `matchers` / `type: dsl` wrapper is reconstructed from the DSL lines, and the request section of the template did not survive extraction:

```yaml
    matchers:
      - type: dsl
        dsl:
          - 'status_code_1 == 200'
          - 'contains(content_type_1, "text/html")'
          - 'contains(body_2, "ArpPriceTable")'
        condition: and
# digest: 4b0a00483046022100a731fb5afad8960380b97beabb4885c0b4b8b4a28537c04024dd6f696fb907e0022100b3e519b7cc0fe1298da98d6afdbac1f201604c384db5199a7247d437d50a4989:922c64590222798bb761d5b6d8e72950
```
GreyNoise
NoiseLetter October 2025 (blogs_greynoiseio)
NoiseLetter November 2025 (blogs_greynoiseio)