Vulnerabilities > CVE-2022-0846 - Unspecified vulnerability in Speakout! Email Petitions Project Speakout! Email Petitions

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
speakout-email-petitions-project
critical

Summary

The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users

Vulnerable Configurations

Part Description Count
Application
Speakout\!_Email_Petitions_Project
1