CVE-2022-1692
published 2022-06-08

Priority: P268 · Severity: critical · Base score: 9.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Exploit: EXPLOIT
EPSS: 10.36% (95.1th percentile)
The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement on pages where the [codepeople-image-store] shortcode is embedded, allowing unauthenticated users to perform an SQL injection attack.

Affected

1 range

Vendor: dwbooster
Product: cp_image_store_with_slideshow
Version range: < 1.0.68
Fixed in: 1.0.68

Detection & IOCs (extracted from sources)

url: {{RootURL}}{{path}}?ordering_by=post_title%20DESC%2C(SELECT%209143%20FROM%20(SELECT(SLEEP(8)))cFAm)--%20
other: ordering_by=post_title DESC,(SELECT 9143 FROM (SELECT(SLEEP(8)))cFAm)--
  • Detect time-based blind SQLi attempts against WordPress sites using the CP Image Store plugin by monitoring GET requests with 'ordering_by' query parameter containing SQL sleep payloads (SLEEP function) and response duration >= 8 seconds.
  • Confirm exploitation context by checking that the response body contains the string 'cpis_image=' alongside a 200 status code and the malicious ordering_by parameter.
  • The vulnerable parameter is 'ordering_by' in GET requests to pages embedding the [codepeople-image-store] shortcode; unauthenticated users can inject SQL via this parameter.
  • Vulnerability affects CP Image Store with Slideshow WordPress plugin versions before 1.0.68 only; patched in 1.0.68 and later.
  • The SQLi is only exploitable on pages where the [codepeople-image-store] shortcode is embedded; scanning must first discover such pages before attempting the injection.

CVSS provenance

Source: nvd · CVSS v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: nvd · CVSS v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P