Critical severity9.8NVD Advisory· Published May 9, 2022· Updated Jun 17, 2026
CVE-2022-0817
CVE-2022-0817
Description
The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=3.7.0+ 1 more
- (no CPE)range: <=3.7.0
- (no CPE)range: 3.7.0
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/69263610-f454-4f27-80af-be523d25659envdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.