Lucene search
HistoryOct 17, 2022 - 12:15 p.m.
CVE-2022-3243
wordpress plugin
sql injection
high privilege users
cve-2022-3243
security vulnerability
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
32.2%
The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin
Affected configurations
Node
smackcodersimport_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csvRange<6.5.8wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| smackcoders | import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv | * | cpe:2.3:a:smackcoders:import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv:*:*:*:*:wordpress:*:*:* |
Related
prion
prion
Sql injection
2022-10-17 12:15:00
wpvulndb
wpvulndb
Import all XML, CSV & TXT into WordPress < 6.5.8 - Admin+ SQLi
2022-09-20 00:00:00
patchstack
patchstack
cve
cve
CVE-2022-3243
2022-10-17 12:15:10
cvelist
cvelist
CVE-2022-3243 Import all XML, CSV & TXT into WordPress < 6.5.8 - Admin+ SQLi
2022-10-17 00:00:00
wpexploit
wpexploit
Import all XML, CSV & TXT into WordPress < 6.5.8 - Admin+ SQLi
2022-09-20 00:00:00
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
32.2%
Related for NVD:CVE-2022-3243