CVE-2022-1014

CVE-2022-1014: WP Contacts Manager <= 2.2.4 - Unauthenticated SQLi

Vendor Unknown

Product WP Contacts Manager

Weakness CWE-89 · SQLi

Published May 23, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability.

Key dates

02Disclosure timeline

May 23, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1014

Related vulnerabilities

04Related CVE

CVE-2023-1960 SourceCodester Online Computer and Laptop Store sql injection CVE-2025-34245 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxStandaloneVpnClientsController.ajaxAction() CVE-2023-0016 SQL Injection vulnerability in SAP Business Planning and Consolidation MS CVE-2025-7861 code-projects Church Donation System search.php sql injection CVE-2023-1740 SourceCodester Air Cargo Management System GET Parameter manage_user.php sql injection