cve/2022/CVE-2022-0787.md

### [CVE-2022-0787](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0787)
![](https://img.shields.io/static/v1?label=Product&message=Limit%20Login%20Attempts%20(Spam%20Protection)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=5.1%3C%205.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)

### Description

The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections

### POC

#### Reference
- https://wpscan.com/vulnerability/69329a8a-2cbe-4f99-a367-b152bd85b3dd
- https://wpscan.com/vulnerability/69329a8a-2cbe-4f99-a367-b152bd85b3dd

#### Github
- https://github.com/cyllective/CVEs
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2022-0787](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0787)`
			`![](https://img.shields.io/static/v1?label=Product&message=Limit%20Login%20Attempts%20(Spam%20Protection)&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=5.1%3C%205.1%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)`

			`### Description`

			`The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/69329a8a-2cbe-4f99-a367-b152bd85b3dd`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- https://wpscan.com/vulnerability/69329a8a-2cbe-4f99-a367-b152bd85b3dd`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00
			`#### Github`
			`- https://github.com/cyllective/CVEs`