CVE-2022-4099

{"id": "CVE-2022-4099", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-01-02T22:15:16.010", "references": [{"url": "https://wpscan.com/vulnerability/a282dd39-926d-406b-b8f5-e4c6e0c2c028", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Modified", "descriptions": [{"lang": "en", "value": "The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly sanitise and escape some parameters before using them in SQL statements accessible to unauthenticated users, leading to unauthenticated SQL injection"}, {"lang": "es", "value": "El complemento Joy Of Text Lite de WordPress anterior a 2.3.1 no sanitiza ni escapa adecuadamente algunos par\u00e1metros antes de usarlos en sentencias SQL accesibles para usuarios no autenticados, lo que lleva a una inyecci\u00f3n de SQL no autenticado."}], "lastModified": "2023-11-07T03:56:55.577", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:getcloudsms:joy_of_text_lite:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "7F4CB018-61A1-49A4-A94F-736CD1554C7C", "versionEndExcluding": "2.3.1"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}