CVE-2022-1684

CVE-2022-1684: Cube Slider <= 1.2 - Admin+ SQLi

Vendor Unknown

Product CUBE SLIDER

Weakness CWE-89 · SQLi

Published June 6, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin

Key dates

02Disclosure timeline

June 6, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1684

Related vulnerabilities

04Related CVE

CVE-2023-5428 Image vertical reel scroll slideshow <= 9.0 - Authenticated (Subscriber+) SQL Injection via Shortcode CVE-2025-6936 code-projects Simple Pizza Ordering System addpro.php sql injection CVE-2022-1686 Five Minute Webshop <= 1.3.2 - Admin+ SQLi via id CVE-2023-51423 WordPress WebinarIgnition Plugin <= 3.05.0 is vulnerable to SQL Injection CVE-2025-40618 SQL injection vulnerability in Bookgy