The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/9f03bc1a-214f-451a-89fd-2cd3517e8f8a | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Jun 2023, 15:06
Type | Values Removed | Values Added |
---|---|---|
First Time |
Smackcoders import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv
|
|
CPE | cpe:2.3:a:smackcoders:import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv:*:*:*:*:wordpress:*:*:* |
20 Oct 2022, 19:26
Type | Values Removed | Values Added |
---|---|---|
First Time |
Smackcoders
Smackcoders an Ultimate Wordpress Importer Cum Migration As Csv \& Xml |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
CPE | cpe:2.3:a:smackcoders:an_ultimate_wordpress_importer_cum_migration_as_csv_\&_xml:*:*:*:*:*:wordpress:*:* | |
References | (MISC) https://wpscan.com/vulnerability/9f03bc1a-214f-451a-89fd-2cd3517e8f8a - Exploit, Third Party Advisory |
17 Oct 2022, 12:49
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-17 12:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-3243
Mitre link : CVE-2022-3243
CVE.ORG link : CVE-2022-3243
JSON object : View
Products Affected
smackcoders
- import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')