CVE-2022-1950
published 2022-08-01

Priority P181 · critical · 9.8 · CVSS 3.1
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW EXPLOIT · VulnCheck KEV · Exploited in the wild
EPSS: 4.11% (89.5th percentile)

The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection

Affected (6 ranges)

Vendor        | Product      | Version range                      | Fixed in
apache        | tika         | >= 0 < 1.22-1ubuntu0.1~esm1        | 1.22-1ubuntu0.1~esm1
apache        | tika         | >= 0 < 1.22-2ubuntu0.22.04.1~esm1  | 1.22-2ubuntu0.22.04.1~esm1
kainelabs     | youzify      | < 1.2.0                            | 1.2.0
linux         | linux_kernel | >= 6.1.0 < 6.1.28                  | 6.1.28
linux         | linux_kernel | >= 6.2.0 < 6.2.15                  | 6.2.15
linux         | linux_kernel | >= 6.3.0 < 6.3.2                   | 6.3.2

Detection & IOCs (extracted from sources)

sigma rule:
contains(body, "youzify-media") AND status_code == 200
  • The SQL injection is triggered via an AJAX action available to unauthenticated users — monitor WordPress AJAX endpoints (wp-admin/admin-ajax.php) for requests containing SQL metacharacters (e.g., a single-quote payload) targeting Youzify parameters.
  • Presence of the string 'youzify-media' in HTTP response body combined with HTTP 200 status is a fingerprint condition used to confirm a vulnerable/exploited Youzify installation.
  • A single-quote appended to the Youzify version parameter (e.g., 'Youzify = 6\'') is indicative of a SQL injection probe against this plugin.
  • The vulnerability affects Youzify WordPress plugin versions before 1.2.0 only; patched at 1.2.0.

CVSS provenance

Source        | Version | Score | Severity | Vector
nvd           | v3.1    | 9.8   | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv           |         | 5.5   | MEDIUM   |
vulncheck     |         | 9.8   | CRITICAL |
vendor_redhat |         | 4.4   | LOW      |