CVE-2022-3141 Translatepress Multilinugal < 2.3.3 - Admin+ SQLi

2022-09-1900:00:00

CWE-89

WPScan

www.cve.org

cve-2022-3141; translate multilingual sites; wordpress plugin; authenticated sql injection; special characters; time-based blind payload

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

58.4%

JSON

The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Translate Multilingual sites – TranslatePress",
    "versions": [
      {
        "version": "2.3.3",
        "status": "affected",
        "lessThan": "2.3.3",
        "versionType": "custom"
      }
    ]
  }
]