CVE-2022-0771

CVE-2022-0771: SiteSuperCharger < 5.2.0 - Unauthenticated SQLi

Vendor Unknown

Product SiteSuperCharger

Weakness CWE-89 · SQLi

Published May 2, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions (available to both unauthenticated and authenticated users), leading to Unauthenticated SQL Injections

Key dates

02Disclosure timeline

May 2, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0771

Related vulnerabilities

04Related CVE

CVE-2024-6166 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Time-Based SQL Injection CVE-2026-10809 itsourcecode Fees Management System manage_user.php sql injection CVE-2023-6607 Tongda OA 2017 delete.php sql injection CVE-2026-34934 PraisonAI: Second-Order SQL Injection in `get_all_user_threads` CVE-2023-1934