{"vulnerability": "CVE-2022-25148", "sightings": [{"uuid": "a1cbda0e-a2f9-4dc9-9bfd-0091c4e6d439", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25148", "type": "seen", "source": "https://t.me/ctinow/173902", "content": "https://ift.tt/u6PQdbO\nCVE-2022-25148 Exploit", "creation_timestamp": "2024-01-26T01:16:58.000000Z"}, {"uuid": "9702979e-8495-4316-9da6-59c672a5c371", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25148", "type": "seen", "source": "https://t.me/Dooztoria/22", "content": "\ud83c\udf65 Overview of Vulnerable Endpoints in WordPress Applications\n\n    cves               path\n \nCVE-2022-2864  includes/settings.php                               \nCVE-2022-3227  includes/class-searchwp-live-ajax-search.php       \nCVE-2022-2941  admin/class-wp-useronline-admin.php               \nspecifiNoted   includes/class-wpvivid-backup.php                      \nCVE-2022-2436  includes/class-download-manager.php               \nCVE-2022-25148 includes/class-wp-statistics-hits.php               \nCVE-2022-1476  lib/model/class-ai1wm-backups.php                   \nCVE-2022-0236  includes/classes/class-wpie-general.php           \nCVE-2022-1119  includes/ee-downloader.php                       \nCVE-2022-0888  includes/class-ninja-forms-file-uploads.php", "creation_timestamp": "2025-12-19T20:18:03.000000Z"}, {"uuid": "924aacc6-e761-4462-a0b3-996fc139332d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25148", "type": "seen", "source": "https://t.me/cibsecurity/38047", "content": "\u203c CVE-2022-25148 \u203c\n\nThe WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-24T22:14:57.000000Z"}]}