CVE-2022-25811

2022-08-2215:15:14

CWE-89

WPScan

web.nvd.nist.gov

cve-2022-25811

transposh

wordpress translation

sql injection

nvd

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

37.7%

JSON

The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection

Affected configurations

Nvd

Vulners

Node

transposhtransposh_wordpress_translationRange≤1.0.8wordpress

VendorProductVersionCPE
transposhtransposh_wordpress_translation*cpe:2.3:a:transposh:transposh_wordpress_translation:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
transposh	transposh_wordpress_translation	*	cpe:2.3:a:transposh:transposh_wordpress_translation::::::wordpress::*

CNA Affected

[
  {
    "product": "Transposh WordPress Translation",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "1.0.8",
        "status": "affected",
        "version": "1.0.8",
        "versionType": "custom"
      }
    ]
  }
]