4 matches found
VulnCheck KEV: CVE-2022-3254
The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection...
CVE-2022-3254
creationtimestamp| type| source ---|---|--- 2022-10-31 19:38:14+00:00| seen| https://t.me/cibsecurity/52301 2026-02-06 15:04:17+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-3254.yaml 2026-02-11 21:03:01+00:00| seen|...
CVE-2022-3254
CVE-2022-3254 affects the WordPress AWP Classifieds Plugin (versions prior to 4.3). The issue is an SQL injection caused by improper sanitization/escaping of parameters in an unauthenticated AJAX action, and is triggered when a specific premium module is active. The vulnerability allows execution...
CVE-2022-3254 AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi
The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection...