Vulnerability Description
The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. A new language added via the settings page can contain specific special characters; these break out of the backticks that quote the value in the SQL query, so a time-based blind payload can be injected.
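The root cause described above is a user-controlled value being placed inside a backtick-quoted SQL identifier, where normal parameter binding does not apply. The following is an added example, not TranslatePress's own code, of the mitigation a defender would look for: an allow-list check on the language code before it is used to form any identifier. The function names, the locale pattern, the table prefix and the "dictionary_" naming are assumptions for illustration only.

```php
<?php
// Added example (not from the plugin or the advisory): validate a
// user-supplied language code against a strict pattern before it is
// allowed anywhere near an SQL identifier.

/**
 * Return the code unchanged if it is a plain locale token such as "en",
 * "fr_FR" or "zh_CN"; return null for anything containing backticks,
 * quotes, spaces, semicolons or other punctuation that could end an
 * identifier early. The pattern is an assumed allow-list, not the
 * plugin's own rule.
 */
function example_validate_language_code( string $code ): ?string {
    return preg_match( '/^[a-z]{2,3}(_[A-Za-z]{2,8})?$/', $code ) === 1 ? $code : null;
}

/**
 * Build a per-language table name only from a validated code. A null
 * result means the caller must refuse the request rather than run a query.
 * The "$prefix" and "dictionary_" naming are hypothetical.
 */
function example_table_name( string $prefix, string $code ): ?string {
    $safe = example_validate_language_code( $code );
    if ( $safe === null ) {
        return null;
    }
    return $prefix . 'dictionary_' . strtolower( $safe );
}

// Constructed inputs for demonstration (not taken from the advisory).
$inputs = array( 'en_US', 'en`', 'fr; --', 'de' );
foreach ( $inputs as $candidate ) {
    $table = example_table_name( 'wp_trp_', $candidate );
    echo $candidate, ' => ', ( $table === null ? 'REJECTED' : $table ), PHP_EOL;
}
```

Only the well-formed locale tokens produce a table name; any candidate containing a backtick or other punctuation is rejected before a query is built. Because MySQL prepared statements cannot bind identifiers, this kind of allow-list (or, on WordPress 6.2 and later, the `%i` identifier placeholder of `$wpdb->prepare()`) is the control to check for when reviewing code that builds table or column names from settings.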
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cozmoslabs | Translatepress | < 2.3.3 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/171479/WordPress-Translatepress-Multilingua
- https://medium.com/%40elias.hohl/authenticated-sql-injection-vulnerability-in-tr
- https://wpscan.com/vulnerability/1fa355d1-cca8-4b27-9d21-0b420a2e1bf3 (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-3141?
CVE-2022-3141 is a vulnerability with a CVSS score of 8.8 (HIGH). The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters,...
How severe is CVE-2022-3141?
CVE-2022-3141 has been rated HIGH with a CVSS base score of 8.8/10. See the CVSS Score section above.
Is there a patch for CVE-2022-3141?
Check the references section above for vendor advisories and patch information. Affected products include: Cozmoslabs Translatepress.