CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44588 – WordPress Cryptocurrency Widgets Pack Plugin <=1.8.1 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2022-44588
13 Dec 2022 — Unauth. SQL Injection vulnerability in Cryptocurrency Widgets Pack Plugin <=1.8.1 on WordPress. Vulnerabilidad de inyección SQL no autorizada en el complemento Cryptocurrency Widgets Pack Plugin en versiones <=1.8.1 en WordPress. The Cryptocurrency Widgets Pack plugin for WordPress is vulnerable to generic SQL Injection via an unknown parameter in versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. ... • https://patchstack.com/database/vulnerability/cryptocurrency-widgets-pack/wordpress-cryptocurrency-widgets-pack-plugin-1-8-1-sql-injection-sqli-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 1CVE-2022-4059 – Cryptocurrency Widgets Pack < 2.0 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2022-4059
09 Dec 2022 — The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. El complemento Cryptocurrency Widgets Pack de WordPress anterior a 2.0 no sanitiza ni escapa algunos parámetros antes de usarlo en una declaración SQL a través de una acción AJAX disponible para usuarios no autenticados, lo que lleva a una inyección SQL. The Cryptocurrency Widgets Pack plu... • https://wpscan.com/vulnerability/d94bb664-261a-4f3f-8cc3-a2db8230895d • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •