CVE-2022-25811 — SQL Injection in Wordpress Translation

CWE-89 — SQL Injection3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.8%

top 26.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Transposh Wordpress Translation

Timeline

PublishedAug 22

Latest updateAug 23

Description

The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

▶NVDtransposh/transposh_wordpress_translation1.0.8

🔴Vulnerability Details

GHSA

GHSA-qpxf-h287-r5r8: The Transposh WordPress Translation WordPress plugin through 1↗2022-08-23

▶

CVEList

Transposh WordPress Translation <= 1.0.8 - Admin+ SQL Injection↗2022-08-22

▶