vulnerability

WordPress Plugin: sitesupercharger: CVE-2022-0771: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Apr 17, 2022

Added

May 15, 2025

Modified

May 4, 2026

Description

The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions (available to both unauthenticated and authenticated users), leading to Unauthenticated SQL Injections

Solution

sitesupercharger-plugin-cve-2022-0771

References

https://www.cve.org/CVERecord?id=CVE-2022-0771
https://www.wordfence.com/threat-intel/vulnerabilities/id/ddc91762-b1b0-4d88-bf2d-04a35aab62b1?source=api-prod
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-15827
CVE-2022-0771
https://attackerkb.com/topics/CVE-2022-0771
CWE-89
EUVD-EUVD-2022-15827

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report