CVE-2022-0788 Scanner
Detects the 'SQL Injection (SQLi)' vulnerability in the WP Fundraising Donation and Crowdfunding Platform plugin for WordPress, which affects versions before 1.5.0.
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: Domain, IPv4
Toolbox: -
WP Fundraising Donation and Crowdfunding Platform is a popular plugin used by WordPress users to raise funds and donations for various purposes such as charity, non-profit organizations, personal campaigns, and more. With this plugin, users can easily create campaigns, accept donations, and track the progress of their fundraising efforts. It is a convenient and reliable tool for those who seek to gather support for their projects and causes.
The recently discovered CVE-2022-0788 vulnerability is a critical SQL injection flaw in the WP Fundraising Donation and Crowdfunding Platform plugin before version 1.5.0. The plugin fails to sanitise and escape a parameter before using it in a SQL statement reached through its REST route. The flaw can be exploited remotely without authentication, so an unauthenticated attacker can use it to gain access to sensitive data or to manipulate the database.
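A local check for the affected range stated above (versions before 1.5.0), as an added example that is not part of the original page or of the scanner it describes. It reads the version a WordPress plugin declares in its main PHP file header (`Version:`) or in readme.txt (`Stable tag:`); the sample header and the function names are constructed for illustration.

```python
import re

FIXED_VERSION = "1.5.0"  # first unaffected release, per the text above

# WordPress plugins declare their version as "Version: x.y.z" in the main
# PHP file's header comment and as "Stable tag: x.y.z" in readme.txt.
_VERSION_RE = re.compile(
    r"^[ \t/*#@]*(?:Version|Stable tag):[ \t]*(\S+)", re.I | re.M
)

# Constructed sample header (hypothetical plugin name, not the real file).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Example Fundraising Plugin
 * Version: 1.4.9
 */
"""


def extract_version(header_text):
    """Return the declared version string, or None if no header is found."""
    match = _VERSION_RE.search(header_text)
    return match.group(1) if match else None


def version_key(version):
    """Turn '1.4.10' into (1, 4, 10); return None for tags such as 'trunk'."""
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def is_affected(version, fixed=FIXED_VERSION):
    """True if version < fixed, False if >= fixed, None if not comparable."""
    current, target = version_key(version or ""), version_key(fixed)
    if current is None or target is None:
        return None
    # Pad with zeros so that '1.5' and '1.5.0' compare as equal.
    width = max(len(current), len(target))
    current += (0,) * (width - len(current))
    target += (0,) * (width - len(target))
    return current < target


if __name__ == "__main__":
    found = extract_version(SAMPLE_HEADER)
    print(found, "affected" if is_affected(found) else "not affected / unknown")
```

A result of `None` (for example a `Stable tag: trunk` readme) means the version could not be determined from that file and should be read from the main plugin file instead.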
When exploited, this vulnerability can have severe consequences. Attackers can steal data, modify the content of the website or database, inject malicious code, execute arbitrary commands, gain administrative access, and cause various forms of damage depending on their intentions. The consequences can range from minor issues to major security breaches that can put organizations, businesses, or individuals at risk of financial loss, reputation damage, legal action, and other serious consequences.
In conclusion, the WP Fundraising Donation and Crowdfunding Platform plugin is a valuable tool for fundraising and crowdsourcing for WordPress users. However, the recently detected CVE-2022-0788 vulnerability is a critical security flaw that can be exploited remotely by unauthenticated users, and it can lead to severe consequences if ignored. Taking the precautions listed can help users protect their digital assets from SQL injection attempts. Furthermore, the pro features of s4e.io can help users identify any vulnerabilities in their digital assets and quickly patch them.