The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-10-17T00:00:00

Updated: 2024-08-03T01:00:10.864Z

Reserved: 2022-09-20T00:00:00

Link: CVE-2022-3243

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-10-17T12:15:10.597

Modified: 2024-11-21T07:19:07.780

Link: CVE-2022-3243

cve-icon Redhat

No data.