CVE-2022-0782

CVE-2022-0782: Donations <= 1.8 - Unauthenticated SQLi

Vendor Unknown

Product Donations

Weakness CWE-89 · SQLi

Published April 25, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection

Key dates

02Disclosure timeline

April 25, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0782 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2026-48134 SQL injection issue in UserCheck Portal when DLP Software Blade is active CVE-2023-50752 Online Notice Board System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) CVE-2024-8168 code-projects Online Bus Reservation Site login.php sql injection CVE-2025-8496 projectworlds Online Admission System viewform.php sql injection CVE-2022-0983