CVE-2022-0784

CVE-2022-0784: Title Experiments Free < 9.0.1 - Unauthenticated SQLi

Vendor Unknown

Product Title Experiments Free

Weakness CWE-89 · SQLi

Published March 28, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection

Key dates

02Disclosure timeline

March 28, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0784 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2024-12614 Passwords Manager <= 1.4.8 - Missing Authorization to Authenticated (Subscriber+) Add Password + Update Encryption Key CVE-2025-32865 CVE-2021-25045 Asgaros Forum < 1.15.15 - Admin+ SQL Injection via forum_id CVE-2023-49166 WordPress MSync Plugin <= 1.0.0 is vulnerable to SQL Injection CVE-2014-125083 Anant Labs google-enterprise-connector-dctm sql injection