CVE-2022-0657: 
WordPress vulnerability analysis and mitigation

The CVE-2022-0657 vulnerability affects the 5 Stars Rating Funnel WordPress Plugin (RRatingg) versions before 1.2.54. This security flaw was discovered and publicly disclosed on March 29, 2022. The vulnerability exists in the plugin's lead management functionality, specifically in the handling of lead IDs through the rrtnggdeleteleads AJAX action (WPScan).

The vulnerability is classified as an unauthenticated SQL injection issue with a CVSS score of 8.6 (high). The core issue lies in improper sanitization, validation, and escaping of lead IDs before their use in SQL statements. While the plugin attempts to sanitize input using the sanitizetextfield() function, this method is inadequate for preventing SQL injections. The vulnerability is categorized under OWASP Top 10 A1: Injection and CWE-89 (WPScan).

This vulnerability allows unauthenticated users to perform SQL injection attacks through the rrtnggdeleteleads AJAX action. The high CVSS score of 8.6 indicates that successful exploitation could lead to unauthorized database access, data manipulation, or extraction of sensitive information from the WordPress installation (WPScan).

The vulnerability has been patched in version 1.2.54 of the 5 Stars Rating Funnel WordPress Plugin. Website administrators are strongly advised to update to this version or later to protect against potential attacks (WPScan).