Critical severity9.8NVD Advisory· Published Mar 14, 2022· Updated Jun 17, 2026
CVE-2022-0254
CVE-2022-0254
Description
The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
bmarshall511/wordpress_zero_spamPackagist | < 5.2.13 | 5.2.13 |
Affected products
2Patches
Vulnerability mechanics
References
6- plugins.trac.wordpress.org/changeset/2660225nvdPatchThird Party AdvisoryWEB
- plugins.trac.wordpress.org/changeset/2680906nvdPatchThird Party AdvisoryWEB
- wpscan.com/vulnerability/ae54681f-7b89-408c-b0ee-ba4a520db997nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-pq2f-3fg3-rw99ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-0254ghsaADVISORY
- github.com/Highfivery/zero-spam-for-wordpress/commit/49723f696f1e2f2a76ac89375910bb036a4895f3ghsaWEB
News mentions
0No linked articles in our index yet.