CVE-2022-1057
Published 2022-07-11
Priority: P2 · 70 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT · EPSS 6.66% (93.1st percentile)
The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| varktech | pricing_deals_for_woocommerce | <= 2.0.2.02 | — |
Detection & IOCs (extracted from sources)

sigma:

```yaml
title: CVE-2022-1057 - Pricing Deals for WooCommerce SQLi
detection:
  selection:
    - "contains(body, 'WordPress Pricing Deals for WooCommerce ')"
    - "status_code == 500"
    - "contains(body, 'been a critical error')"
  condition: and
```

- Exploit attempts trigger an HTTP 500 status code response from the target WordPress site, indicating a critical error caused by the malformed SQL injection payload.
- Successful exploitation (or error-based SQLi probing) causes WordPress to return a page body containing the string 'been a critical error', which can be used as a detection signal in HTTP response inspection.
- The vulnerability is exploitable via an AJAX action available to unauthenticated users; monitor WordPress AJAX endpoints (wp-admin/admin-ajax.php) for anomalous or unsanitized parameter values from unauthenticated sources.
- Target fingerprinting: probe for the presence of 'WordPress Pricing Deals for WooCommerce' to identify vulnerable installations before exploitation.
- The vulnerability affects Pricing Deals for WooCommerce plugin versions through 2.0.2.02 only; patched versions are not affected.
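The detection signals above combine three conditions with AND: a 500 status, the plugin banner in the body, and the WordPress fatal-error text. The following is an added example of that response-inspection logic, not the page's own rule and not nuclei project code. The sample responses, the host names and the `action=example_action` query parameter are constructed placeholders; the page does not name the vulnerable AJAX action.

```python
# Added example: HTTP response inspection implementing the three detection
# signals listed for CVE-2022-1057. Not the page's rule and not nuclei code;
# all sample responses below are constructed, not captured traffic.
from dataclasses import dataclass
from urllib.parse import urlsplit

PLUGIN_BANNER = "WordPress Pricing Deals for WooCommerce "  # string from the rule above
CRITICAL_ERROR = "been a critical error"                   # WordPress fatal-error page text


@dataclass(frozen=True)
class HttpResponse:
    url: str
    status_code: int
    body: str


def matches_signal(resp: HttpResponse) -> bool:
    """True only when all three conditions of the rule hold (condition: and).

    The critical-error text alone is generic (any PHP fatal error produces it),
    so the plugin banner is what ties the 500 to this plugin.
    """
    return (
        resp.status_code == 500
        and PLUGIN_BANNER in resp.body
        and CRITICAL_ERROR in resp.body
    )


def is_ajax_path(url: str) -> bool:
    """Request targets wp-admin/admin-ajax.php, the endpoint the notes say to watch."""
    return urlsplit(url).path.endswith("/wp-admin/admin-ajax.php")


def scan(responses):
    """Return (url, via_admin_ajax) for every response that matches the signal."""
    hits = []
    for resp in responses:
        if matches_signal(resp):
            hits.append((resp.url, is_ajax_path(resp.url)))
    return hits


# Constructed sample responses (hosts and the action name are placeholders).
SAMPLES = [
    HttpResponse(
        "https://shop.example/wp-admin/admin-ajax.php?action=example_action",
        500,
        "<html><body>WordPress Pricing Deals for WooCommerce \n"
        "<p>There has been a critical error on this website.</p></body></html>",
    ),
    # Plugin present but the request succeeded: no signal.
    HttpResponse(
        "https://shop.example/",
        200,
        "<!-- WordPress Pricing Deals for WooCommerce -->",
    ),
    # Generic fatal error on a site without the plugin banner: no signal.
    HttpResponse(
        "https://other.example/index.php",
        500,
        "<p>There has been a critical error on this website.</p>",
    ),
]

if __name__ == "__main__":
    for url, via_ajax in scan(SAMPLES):
        print(f"signal: {url} (admin-ajax.php: {via_ajax})")
```

Run over a proxy or WAF response log, only the first sample fires; the third shows why the fatal-error text must not be used on its own, since it is the standard WordPress page for any PHP fatal error.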
CVSS provenance

- NVD v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD v2.0: 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
Nuclei

WordPress Pricing Deals for WooCommerce <=2.0.2.02 - SQL Injection (nuclei · CVSS 9.8 · CRITICAL)

Matcher fragment as extracted:

```yaml
WordPress Pricing Deals for WooCommerce =6'
    - 'status_code == 500'
    - 'contains(body, "been a critical error")'
  condition: and
# digest: 4a0a00473045022100be4a48b6b2c041ec76c11476c5168dab4d76ecc4243550a969c56c9b775989840220723a490766296441795e48f130ebe9bc745b1087d742832b0768c5c663583cee:922c64590222798bb761d5b6d8e72950
```