CVE-2022-4050
published 2022-12-19


Priority: P180
Severity: critical, CVSS 3.1 base score 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Exploitation: exploited in the wild (ITW exploit; listed in VulnCheck KEV)
EPSS: 4.76% (90.8th percentile)
The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users

Affected (1 range)

Vendor     Product     Version range   Fixed in
beardev    joomsport   < 5.2.8         5.2.8

Detection & IOCs (extracted from sources)

IOC (other): jscaruselcont jsview2

Sigma rule
title: WordPress JoomSport SQLi Detection
description: Fingerprints a JoomSport-enabled WordPress site by a marker string in the HTML response body. It confirms the plugin is present; it does not match SQL injection payloads, so pair it with request-side monitoring of JoomSport parameters.
logsource:
  category: webserver
detection:
  selection:
    # field names as given on the page; map them to your log schema
    status_code: 200
    content_type|contains: 'text/html'
    body|contains: 'jscaruselcont jsview2'
  condition: selection
  • The SQL injection in the JoomSport WordPress plugin (before 5.2.8) is exploitable by unauthenticated users, so no session or credential context is needed to reach it. Monitor for anomalous SQL syntax (quote characters, boolean- or time-based payloads) in HTTP parameters sent to JoomSport plugin endpoints.
  • Fingerprint JoomSport-enabled WordPress sites by checking the HTTP response body for the string 'jscaruselcont jsview2', which indicates the plugin is active. The marker shows presence, not version, so combine it with a version check before raising an alert.
  • The probe detection rule uses a payload containing a single quote followed by =7' (the literal sequence '=7') to trigger a SQL error or a behavioural difference. Look for that pattern in web server access logs for requests to JoomSport plugin parameters, and match against URL-decoded values, since the quote usually arrives as %27.
  • A digest of the detection rule is provided alongside it for integrity verification of the rule itself. Validate that the rule file matches the digest before deployment.
  • The vulnerability affects JoomSport WordPress plugin versions before 5.2.8 only. Apply version scoping when deploying detections to avoid false positives on patched installations.
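As an added example (not code from the advisory, this database page, or the JoomSport project), the script below applies the detection notes above to constructed sample data: it scopes on requests to JoomSport endpoints, flags SQL-looking parameter values including the '=7' probe, mirrors the response-body fingerprint rule, and checks a reported plugin version against the affected range. The endpoint heuristic (the substring "joomsport" in the request target), the parameter names in the sample log lines, and the log lines themselves are assumptions made for the example.

```python
"""Triage web-server access logs for SQL-injection probes aimed at the
JoomSport WordPress plugin (CVE-2022-4050) and fingerprint the plugin from an
HTTP response. Added example; not code from the advisory or the plugin.

Assumptions not stated on the page:
  * a request targets the plugin if "joomsport" appears in its path or query
    string (a heuristic; substitute the real endpoint list for your site);
  * access logs are in Apache/Nginx "combined" format;
  * the sample log lines and their parameter names are constructed.
"""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Response-body marker quoted on the page for fingerprinting the plugin.
FINGERPRINT = "jscaruselcont jsview2"
# Affected range from the advisory: versions before 5.2.8.
FIXED_VERSION = (5, 2, 8)

# Combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# SQL-looking content in a (URL-decoded) parameter value. A bare quote is
# noisy on its own (names like O'Brien), so treat it as a weak signal.
SQLI_PATTERNS = [
    ("probe_quote_eq7", re.compile(r"'=7'")),  # probe quoted on the page
    ("quote", re.compile(r"'")),
    ("boolean", re.compile(r"\b(?:or|and)\b\s*[\d']+\s*=\s*[\d']+", re.I)),
    ("time_based", re.compile(r"\b(?:sleep|benchmark|pg_sleep|waitfor)\b", re.I)),
    ("union", re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I)),
    ("comment", re.compile(r"--|/\*")),
]


def is_joomsport_request(target: str) -> bool:
    """Heuristic scope: only JoomSport endpoints matter for this CVE."""
    return "joomsport" in target.lower()


def sqli_indicators(target: str) -> list:
    """Return (parameter, indicator) pairs for SQL-looking query values."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = unquote_plus(value)  # parse_qsl decoded once; catch double-encoding
        for label, pattern in SQLI_PATTERNS:
            if pattern.search(decoded):
                hits.append((name, label))
    return hits


def triage_log(lines) -> list:
    """One finding per JoomSport request carrying SQL-looking parameters."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_joomsport_request(m.group("target")):
            continue
        hits = sqli_indicators(m.group("target"))
        if hits:
            findings.append({"ip": m.group("ip"), "time": m.group("time"),
                             "status": int(m.group("status")),
                             "target": m.group("target"), "indicators": hits})
    return findings


def fingerprint_joomsport(status: int, content_type: str, body: str) -> bool:
    """Same logic as the page's rule: 200, text/html, marker present in body."""
    return status == 200 and "text/html" in content_type and FINGERPRINT in body


def is_vulnerable_version(version: str) -> bool:
    """Version scoping: True for JoomSport < 5.2.8."""
    return tuple(int(p) for p in version.split(".")) < FIXED_VERSION


# Constructed sample access-log lines (not real traffic). The first two carry
# the '=7' probe and a boolean payload against JoomSport parameters; the third
# is an apostrophe in a normal site search; the fourth is a plain asset fetch.
SAMPLE_LOG = [
    '203.0.113.5 - - [19/Dec/2022:10:01:02 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=joomsport_search&q=team%27%3D7%27 HTTP/1.1" 200 5120 "-" "curl/7.85"',
    '203.0.113.5 - - [19/Dec/2022:10:01:03 +0000] "GET /?joomsport_x=1%27%20OR%201%3D1--%20'
    ' HTTP/1.1" 200 8123 "-" "curl/7.85"',
    '198.51.100.7 - - [19/Dec/2022:10:02:11 +0000] "GET /?s=O%27Brien HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [19/Dec/2022:10:03:00 +0000] "GET /wp-content/plugins/joomsport/x.js HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f["ip"], f["status"], f["target"], f["indicators"])
```

Run as a script it prints the two flagged requests; the apostrophe in the ordinary site search is ignored because the request is outside the JoomSport scope, which is the version- and endpoint-scoping the notes above ask for. Matching on decoded values is what lets the %27-encoded quote in the first line hit the '=7' probe pattern.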

CVSS provenance

NVD (CVSS v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheck: 9.8 CRITICAL