The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 allow a translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins such as Loco Translate or WPML.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-11-07T00:00:00

Updated: 2024-08-03T01:14:01.457Z

Reserved: 2022-10-13T00:00:00

Link: CVE-2022-3494

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-11-07T10:15:12.030

Modified: 2024-11-21T07:19:39.003

Link: CVE-2022-3494

cve-icon Redhat

No data.