CVE-2022-4049
published 2023-01-02


Priority: P268 · Severity: critical · CVSS 3.1 base score: 9.8
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 4.76% (90.8th percentile)
The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.

Affected (1 range)

Vendor: wp_user_project · Product: wp_user · Version range: <= 7.0 · Fixed in: (not listed)

Detection & IOCs (extracted from sources)

other: "wpuser_update_setting":"([0-9a-zA-Z]+)"
  • An HTTP response with status code 200, Content-Type text/html and a body containing 'Invalid Access' indicates a potentially vulnerable WP User plugin endpoint responding to an unauthenticated SQL injection probe.
  • Extract the wpuser_update_setting nonce value from the response body using the regex pattern '"wpuser_update_setting":"([0-9a-zA-Z]+)"'; this nonce is required to craft the unauthenticated SQL injection request.
  • The vulnerability is exploitable by unauthenticated users via an unsanitized parameter passed directly into a SQL statement in the WP User WordPress plugin through version 7.0.
  • The probe targets WP User plugin version 7.0 and below; the condition checks for 'Invalid Access' in the response body as a fingerprint of the vulnerable plugin.