The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-10-17T00:00:00
Updated: 2024-08-03T01:00:10.864Z
Reserved: 2022-09-20T00:00:00
Link: CVE-2022-3243
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-10-17T12:15:10.597
Modified: 2024-11-21T07:19:07.780
Link: CVE-2022-3243
Redhat
No data.