CVE-2022-3720

{"id": "CVE-2022-3720", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2022-11-21T11:15:20.823", "references": [{"url": "https://wpscan.com/vulnerability/0139a23c-4896-4aef-ab56-dcf7f07f01e5", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/0139a23c-4896-4aef-ab56-dcf7f07f01e5", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "descriptions": [{"lang": "en", "value": "The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users"}, {"lang": "es", "value": "El complemento Event Monster de WordPress anterior a 1.2.0 no valida ni escapa algunos par\u00e1metros antes de usarlos en sentencias SQL, lo que podr\u00eda conducir a una inyecci\u00f3n SQL explotable por usuarios con altos privilegios."}], "lastModified": "2024-11-21T07:20:06.260", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:awplife:event_monster:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "122BC640-3980-40A1-BBFD-85590E10D565", "versionEndExcluding": "1.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}