The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 allow a translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins such as Loco Translate or WPML.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-11-07T00:00:00
Updated: 2024-08-03T01:14:01.457Z
Reserved: 2022-10-13T00:00:00
Link: CVE-2022-3494
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-11-07T10:15:12.030
Modified: 2024-11-21T07:19:39.003
Link: CVE-2022-3494
Redhat
No data.