CVE-2022-1013

CVE-2022-1013: Personal Dictionary < 1.3.4 - Unauthenticated SQLi

Vendor Unknown

Product Personal Dictionary

Weakness CWE-89 · SQLi

Published May 9, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability.

Key dates

02Disclosure timeline

May 9, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1013

Related vulnerabilities

04Related CVE

CVE-2024-2672 Campcodes Online Job Finder System controller.php sql injection CVE-2024-12234 1000 Projects Beauty Parlour Management System edit-customer-detailed.php sql injection CVE-2025-13372 Potential SQL injection in FilteredRelation column aliases on PostgreSQL CVE-2026-20002 CVE-2026-5675 itsourcecode Construction Management System Parameter borrowed_tool.php sql injection