S4E

CVE-2022-0781 Scanner

Detects 'SQL Injection' vulnerability in Nirweb support plugin for Wordpress affects v. before 2.8.2.

Short Info


Level

Critical

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

1 month

Scan only one

Domain, IPv4

Toolbox

-

The Nirweb support plugin for WordPress is a tool designed to provide users with support for their websites. This plugin enables users to submit support requests, track tickets, and view support history, all from within the WordPress platform. The Nirweb support plugin is widely used and popular amongst WordPress users and website owners.

Recently, a vulnerability has been detected in the Nirweb support plugin, known as CVE-2022-0781. This vulnerability allows unauthenticated users to inject arbitrary SQL commands through a parameter that has not been sanitized or escaped before being used in an SQL statement via an AJAX action. This vulnerability could lead to unauthorized access to sensitive data, including usernames, passwords, or other confidential information.

If an attacker successfully exploits this vulnerability, they can gain access to the database and retrieve or modify stored information. This could allow them to gain control of the website and cause damage to its reputation. The possibilities are endless, depending on the motive of the attacker.

In conclusion, the Nirweb support plugin issue highlights the importance of staying up-to-date with software releases and keeping your website secure from vulnerabilities. s4e.io is an excellent platform that can quickly and easily help you identify vulnerabilities in your websites, including the Nirweb support plugin. Don't wait to become a victim of cyber-attacks. Protect yourself today!

 

REFERENCES

Get started to protecting your Free Full Security Scan