CVE-2022-0693 Scanner
Detects 'SQL Injection (SQLi)' vulnerability in Master Elements plugin for WordPress affects v. through 8.0.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 second
Time Interval
1 month
Scan only one
Domain, Ipv4
Toolbox
-
The Master Elements WordPress plugin is a popular tool used for creating interactive and dynamic web pages on WordPress-based websites. It offers numerous features such as custom post types, elements library, and layout design tools. The plugin allows users to easily design and manage the appearance of their webpage, making it one of the most popular website designing plugins available for WordPress users.
However, the plugin has recently been found to have a serious vulnerability that has been assigned CVE-2022-0693. This vulnerability occurs due to a lack of sanitization of the meta_ids parameter of the remove_post_meta_condition AJAX action. The plugin allows both authenticated and unauthenticated users to manipulate the parameter, which in turn can lead to an SQL Injection attack.
Exploitation of this vulnerability can lead to a range of serious consequences such as unauthorized access to sensitive data, website defacement, and malicious code injection. The SQL Injection attack enabled by the vulnerability can be used to bypass security systems, steal sensitive information, and even take control of the website completely. The potential damages are limitless and can be devastating for website owners and users.
At s4e.io, we offer pro features that can aid individuals in identifying and fixing security vulnerabilities on their digital assets. Our platform provides comprehensive vulnerability management tools that allow users to scan, identify, and fix vulnerabilities on their websites. With our services, individuals can be assured of the security of their digital assets and have peace of mind knowing that their websites are protected from vulnerabilities like CVE-2022-0693.
REFERENCES