CVE-2022-3141
Translatepress Multilinugal < 2.3.3 - Admin+ SQLi
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.
| CWE | CWE-89 |
| Vendor | unknown |
| Product | translate multilingual sites – translatepress |
| Published | Sep 19, 2022 |
| Last Updated | Aug 3, 2024 |
Stay Ahead of the Next One
Get instant alerts for unknown translate multilingual sites – translatepress
Be the first to know when new unknown vulnerabilities affecting unknown translate multilingual sites – translatepress are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
Unknown / Translate Multilingual sites – TranslatePress
2.3.3 < 2.3.3
References
medium.com: https://medium.com/%40elias.hohl/authenticated-sql-injection-vulnerability-in-translatepress-multilingual-wordpress-plugin-effc08eda514 wpscan.com: https://wpscan.com/vulnerability/1fa355d1-cca8-4b27-9d21-0b420a2e1bf3 packetstormsecurity.com: http://packetstormsecurity.com/files/171479/WordPress-Translatepress-Multilingual-SQL-Injection.html
Credits
Elias Hohl