CVE-2022-1057
published 2022-07-11


Priority: P270 · Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: public exploit flagged
EPSS: 6.66% (percentile 93.1)
The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection

Affected

1 range

Vendor     Product                         Version range   Fixed in
varktech   pricing_deals_for_woocommerce   <= 2.0.2.02     (not listed)

Detection & IOCs (extracted from sources)

sigma
title: CVE-2022-1057 - Pricing Deals for WooCommerce SQLi
# logsource is an assumption added here: the original rule omitted it, and
# the fields it matches on (status_code, body) describe inspected HTTP responses
logsource:
  category: webserver
detection:
  # response body identifies the plugin on the target site
  selection_plugin:
    body|contains: 'WordPress Pricing Deals for WooCommerce '
  # malformed SQLi payload makes WordPress return its critical-error page
  selection_error:
    status_code: 500
    body|contains: 'been a critical error'
  condition: selection_plugin and selection_error
  • Exploit attempts trigger a HTTP 500 status code response from the target WordPress site, indicating a critical error caused by the malformed SQL injection payload.
  • Successful exploitation (or error-based SQLi probing) causes WordPress to return a page body containing the string 'been a critical error', which can be used as a detection signal in HTTP response inspection.
  • The vulnerability is exploitable via an AJAX action available to unauthenticated users — monitor WordPress AJAX endpoints (wp-admin/admin-ajax.php) for anomalous or unsanitized parameter values from unauthenticated sources.
  • Target fingerprinting: probe for the presence of 'WordPress Pricing Deals for WooCommerce' to identify vulnerable installations before exploitation.
  • The vulnerability affects Pricing Deals for WooCommerce plugin versions through 2.0.2.02 only; patched versions are not affected.

CVSS provenance

Source   Version    Score   Severity   Vector
nvd      CVSS v3.1  9.8     CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd      CVSS v2.0  7.5     HIGH       AV:N/AC:L/Au:N/C:P/I:P/A:P