CVE-2022-1692

CRITICAL

CP Image Store with Slideshow <= 1.0.67 - SQL Injection

Details

CVSS v3: 9.8
CVSS v2: 7.5
NVD published: 2022-06-08 10:15:10
EPSS: 3.2% probability · 87.0th percentile — 2026-03-20
Affected versions: cpe:2.3:a:dwbooster:cp_image_store_with_slideshow:*:*:*:*:*:wordpress:*:*
Summary: The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated users to perform an SQL injection attack
Remediation: Not available in our cache.
Exploit info: https://bulletin.iese.de/post/cp-image-store_1-0-67 https://wpscan.com/vulnerability/83bae80c-f583-4d89-8282-e6384bbc7571

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.