CVE-2022-45355

8.2 HIGH

📋 TL;DR

This vulnerability allows authenticated administrators to execute arbitrary SQL commands through the WP Pipes WordPress plugin. Attackers with admin access can extract, modify, or delete database content, potentially compromising the entire WordPress installation. Only WordPress sites using WP Pipes version 1.33 or earlier are affected.

💻 Affected Systems

Products:
  • WordPress WP Pipes plugin
Versions: <= 1.33
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress admin privileges to exploit. All WordPress installations with vulnerable plugin versions are affected regardless of OS.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, site defacement, privilege escalation to full server access, or installation of persistent backdoors.

🟠 Likely Case

Attackers with stolen admin credentials could extract sensitive data (user credentials, payment info), modify site content, or install malicious plugins/themes.

🟢 If Mitigated

With proper access controls and monitoring, the impact is limited to database manipulation within the WordPress context, and unusual admin activity is detected.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin credentials but SQL injection payloads are straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: > 1.33

Vendor Advisory: https://patchstack.com/database/vulnerability/wp-pipes/wordpress-wp-pipes-plugin-1-33-auth-sql-injection-sqli-vulnerability

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the WP Pipes plugin.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and delete the plugin, then install the latest version from the WordPress repository.

🔧 Temporary Workarounds

Temporary Plugin Deactivation (platform: all)

Disable the vulnerable plugin until the patched version is available:

wp plugin deactivate wp-pipes

Admin Access Restriction (platform: all)

Temporarily restrict admin panel access to trusted IP addresses only.

🧯 If You Can't Patch

  • Implement strict admin credential policies with MFA and regular rotation
  • Deploy WAF rules to block SQL injection patterns targeting WordPress admin endpoints

🔍 How to Verify

Check if Vulnerable:

Check the WordPress admin panel → Plugins → WP Pipes version number. If the version is 1.33 or lower, the site is vulnerable.

Check Version:

wp plugin get wp-pipes --field=version

Verify Fix Applied:

After update, verify WP Pipes version is greater than 1.33 in WordPress admin plugins page.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in WordPress debug logs
  • Multiple failed admin login attempts followed by successful login
  • Admin user performing unexpected database operations

Network Indicators:

  • POST requests to wp-admin containing SQL keywords (UNION, SELECT, INSERT) in parameters
  • Unusual database connection patterns from web server

SIEM Query:

source="wordpress.log" AND ("UNION SELECT" OR "information_schema" OR "wp_users") AND uri_path="/wp-admin/*"
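To make the network indicators above testable against actual log lines, here is an added example (not from this advisory or the WP Pipes project) in Python: it parses a few constructed access-log lines, which assume a custom log format that appends the POST body as `body="..."`, and flags POST requests under `/wp-admin/` whose URL-decoded query string or body contains the SQL tokens listed above. The plugin page path in the sample lines is a placeholder, not the vulnerable endpoint.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines (not real traffic). Combined log format plus an
# assumed trailing body="..." field that carries the raw POST body.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2024:10:00:00 +0000] "POST /wp-admin/admin.php?page=PLACEHOLDER HTTP/1.1" 200 512 "-" "Mozilla/5.0" body="id=5"
203.0.113.11 - - [01/Jan/2024:10:00:05 +0000] "POST /wp-admin/admin.php?page=PLACEHOLDER HTTP/1.1" 200 512 "-" "Mozilla/5.0" body="id=5%20UNION%20SELECT%20a%2Cb%20FROM%20wp_users"
203.0.113.12 - - [01/Jan/2024:10:00:10 +0000] "GET /wp-admin/edit.php HTTP/1.1" 200 512 "-" "Mozilla/5.0" body=""
203.0.113.13 - - [01/Jan/2024:10:00:15 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0" body="log=x&pwd=union+select"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "[^"]*" body="(?P<body>[^"]*)"$'
)

# The tokens the advisory's SIEM query keys on; case-insensitive so that
# lower-case or mixed-case variants are not missed.
SQL_TOKENS = re.compile(
    r'\b(UNION\s+(ALL\s+)?SELECT|information_schema|wp_users)\b', re.IGNORECASE
)


def suspicious_requests(log_text):
    """Return POST requests under /wp-admin/ whose parameters contain SQL tokens."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or differently formatted line; skip
        if m["method"] != "POST" or not m["uri"].startswith("/wp-admin/"):
            continue  # only the admin endpoints are in scope for this CVE
        # URL-decode before matching so "%20UNION%20SELECT" and "+" are caught.
        query = m["uri"].partition("?")[2]
        params = unquote_plus(query) + " " + unquote_plus(m["body"])
        hit = SQL_TOKENS.search(params)
        if hit:
            hits.append({"ip": m["ip"], "ts": m["ts"], "uri": m["uri"],
                         "token": hit.group(0)})
    return hits


if __name__ == "__main__":
    for h in suspicious_requests(SAMPLE_LOG):
        print(f'{h["ts"]} {h["ip"]} {h["uri"]} matched "{h["token"]}"')
```

A match from an already-authenticated admin session is the case this CVE makes interesting, so correlate hits with the admin login events listed under Log Indicators rather than treating the keyword alone as confirmation.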
