exploitDog

CVE-2022-3243

Опубликовано: 17 окт. 2022

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin

Ссылки

https://wpscan.com/vulnerability/9f03bc1a-214f-451a-89fd-2cd3517e8f8a
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/9f03bc1a-214f-451a-89fd-2cd3517e8f8a
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:smackcoders:import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv:*:*:*:*:wordpress:*:*:*

Версия до 6.5.8 (исключая)

EPSS

Процентиль: 67%

0.00537

Низкий

7.2 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-5cp7-rvwq-5jc9

CVSS3: 7.2

github

больше 3 лет назад

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin

EPSS

Процентиль: 67%

0.00537

Низкий

7.2 High

CVSS3

Дефекты

CWE-89