CVE-2022-0784 - Unspecified vulnerability in Title Experiments Free Project Title Experiments Free

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Summary

The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection.

Vulnerable Configurations

Part | Description | Count
Application | Title_Experiments_Free_Project | 1