The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.
References
Configurations
History
07 Nov 2023, 03:50
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2022-09-19 14:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-3141
Mitre link : CVE-2022-3141
CVE.ORG link : CVE-2022-3141
JSON object : View
Products Affected
cozmoslabs
- translatepress
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')