cleantalk
Vulnerabilities and Security Researches

Title Experiments Free, CVE-2022-0784

CVE, Research URL

CVE-2022-0784

Home page URL

Security reports for Title Experiments Free

Application

Title Experiments Free

Published on
Mar 28, 2022
Research Description
The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection
Affected versions
max 9.0.1.
Status
vulnerable
Previous vulnerability researches
Title Experiments Free (CVE-2025-22562) , Jan 09, 2025
Title Experiments Free (CVE-2022-0784) , Jun 07, 2024
Title Experiments Free (CVE-2025-22561) , Jun 14, 2026
New vulnerability
WooCommerce Digital Signature (CVE-2026-52694) , Jun 17, 2026
Permalink Manager Lite (CVE-2026-8494) , Jun 17, 2026
Static Block (CVE-2026-10780) , Jun 17, 2026
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin (CVE-2026-49080) , Jun 16, 2026
The Events Calendar (CVE-2026-49772) , Jun 16, 2026