// For flags

CVE-2022-2593

Better Search and Replace < 1.4.1 - Admin+ SQLi

Severity Score

7.2
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks

El plugin Better Search Replace de WordPress versiones anteriores a 1.4.1, no sanea y escapa apropiadamente los datos de la tabla antes de insertarlos en una consulta SQL, lo que podría permitir a usuarios con altos privilegios llevar a cabo ataques de inyección SQL.

The plugin Better Search Replace for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4. This is due to lack of sanitization of user input in the construction of a database query. This makes it possible for authenticated attackers with administrator-level accounts to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

*Credits: Christiaan Swiers
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Multiple
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-08-01 CVE Reserved
  • 2022-08-01 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Deliciousbrains
Search vendor "Deliciousbrains"
 Better Search Replace
Search vendor "Deliciousbrains" for product "Better Search Replace"
 < 1.4.1
Search vendor "Deliciousbrains" for product "Better Search Replace" and version " < 1.4.1"
wordpress
Affected