CVE-2022-3243
Summary
| CVE | CVE-2022-3243 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-10-17 12:15:00 UTC |
| Updated | 2023-06-07 15:06:00 UTC |
| Description | The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using it in SQL statements, leading to SQL injection exploitable by high-privilege users such as admin. |
Risk And Classification
Problem Types: CWE-89
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Smackcoders | An Ultimate Wordpress Importer Cum Migration As Csv Xml | All | All | All | All |
| Application | Smackcoders | Import All Pages Post Types Products Orders And Users As Xml Csv | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Import all XML, CSV & TXT into WordPress < 6.5.8 - Admin+ SQLi WordPress Security Vulnerability | MISC | wpscan.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Sanjay Das
There are currently no legacy QID mappings associated with this CVE.