CVE-2022-0867

ARPrice Lite < 3.6.1 - Unauthenticated SQLi

Basic Information

CVE State: PUBLISHED
Reserved Date: March 04, 2022
Published Date: May 16, 2022
Last Updated: August 02, 2024
Vendor: reputeinfosystems
Product: Pricing Table Plugin
Description: The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users
Tags

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Score

Score: 88.07% (Percentile: 99.44%) as of 2025-06-13

Exploit Status

Exploited in the Wild: Yes (2025-05-16 00:00:00 UTC) Source

References

https://wpscan.com/vulnerability/62803aae-9896-410b-9398-3497a838e494

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-05-16 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-0867.yaml	2025-04-26 00:00:00 UTC

Timeline

CVE ID Reserved

March 04, 2022
CVE Published to Public

May 16, 2022
Detected by Nuclei

April 26, 2025
Added to KEVIntel

May 16, 2025