Lucene search
Elias HohlWPEX-ID:1FA355D1-CCA8-4B27-9D21-0B420A2E1BF3HistoryJul 23, 2022 - 12:00 a.m.
Translatepress Multilinugal < 2.3.3 - Admin+ SQLi
2022-07-2300:00:00
Elias Hohl
93
0.002 Low
EPSS
Percentile
58.5%
The plugin is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.
To exploit the vulnerability, someone must send a specifically crafted request adding a new language containing specific special characters, and then open another page and measure the response time to retrieve data. This can be automated via sqlmap.Related
prion
prion
Sql injection
2022-09-19 14:15:00
wpvulndb
wpvulndb
Translatepress Multilinugal < 2.3.3 - Admin+ SQLi
2022-07-23 00:00:00
openvas
openvas
nvd
nvd
CVE-2022-3141
2022-09-19 14:15:11
patchstack
patchstack
zdt
zdt
cve
cve
CVE-2022-3141
2022-09-19 14:15:11
packetstorm
packetstorm
WordPress Translatepress Multilingual SQL Injection
2023-03-27 00:00:00
cvelist
cvelist
CVE-2022-3141 Translatepress Multilinugal < 2.3.3 - Admin+ SQLi
2022-09-19 00:00:00
exploitdb
exploitdb