The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using it in SQL statements, leading to SQL injection exploitable by high-privilege users such as admin.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/9f03bc1a-214f-451a-89fd-2cd3517e8f8a | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-10-17T00:00:00
Updated: 2022-10-17T00:00:00
Reserved: 2022-09-20T00:00:00
Link: CVE-2022-3243
NVD Information
Status: Analyzed
Published: 2022-10-17T12:15:10.597
Modified: 2023-06-07T15:06:18.073
Link: CVE-2022-3243
Redhat Information
No data.
CWE