Cryptocurrency Widgets Pack Plugin <=1.8.1 for WordPress contains an unauthenticated SQL injection caused by unsanitized user input in database queries, letting attackers execute arbitrary SQL commands, exploit requires no authentication. [已公开] id: CVE-2022-44588 info: name: Cryptocurrency Widgets Pack <= 1.8.1 - SQL Injection author: Shivam Kamboj severity: critical description: | Cryptocurrency Widgets Pack Plugin <=1.8.1 for WordPress contains an unauthenticated SQL injection caused by unsanitized user input in database queries, letting attackers execute arbitrary SQL commands, exploit requires no authentication. impact: | Attackers can execute arbitrary SQL commands, potentially leading to data theft, modification, or deletion of sensitive information. remediation: | Update to the latest version of the plugin where the vulnerability is fixed. reference: - https://nvd.nist.gov/vuln/detail/CVE-2022-44588 - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/cryptocurrency-widgets-pack/cryptocurrency-widgets-pack-181-unauthenticated-sql-injection-2 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-44588

未知