CVE-2022-3141
Published: 2022-09-19
Priority: P260 · Severity: high · CVSS 3.1 base score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploit: EXPLOIT
EPSS: 3.85% (88.8th percentile)
The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cozmoslabs | translatepress | < 2.3.3 | 2.3.3 |
Detection & IOCs (extracted from sources)
Command: trp_settings[translation-languages][]=en_GB WHERE 4372=4372 AND (SELECT 6967 FROM (SELECT(SLEEP(5)))ZDtR)-- bsZU
- Monitor POST requests to /wp-admin/options-general.php with option_page=trp_settings whose trp_settings[translation-languages][] parameter contains SQL keywords (SLEEP, SELECT, WHERE); this parameter is the injection point for the time-based blind SQLi.
- Treat SLEEP() calls inside the trp_settings[translation-languages][] POST parameter as a strong indicator of active exploitation of this time-based blind SQL injection.
- Alert on POST requests to the WordPress settings update action (action=update, option_page=trp_settings) where any trp_settings parameter value contains SQL comment sequences (e.g., --) or subquery patterns (SELECT ... FROM), indicating attempted SQL injection via the language settings form.
- Exploitation requires authentication: the attacker must have sufficient privileges to access the TranslatePress settings page (wp-admin) and submit language configuration changes.
- The SQL payload is injected via the language name/slug field in the plugin settings, so WAF rules should inspect POST body parameters for trp_settings keys, not just URL query strings.
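The detection notes above, turned into a small inspector that a WAF or reverse-proxy hook could run over decoded POST bodies. This is an added example, not code from the plugin or from the sources; the request bodies are constructed samples (the second one carries the payload quoted above), and the locale-format allowlist (values such as en_GB) is an assumption about what a legitimate language value looks like.

```python
import re
from urllib.parse import parse_qs

TARGET_PATH = "/wp-admin/options-general.php"
LANG_KEY = "trp_settings[translation-languages][]"

# Blocklist patterns named in the detection notes (case-insensitive).
SQLI_PATTERNS = {
    "sleep_call": re.compile(r"\bSLEEP\s*\(", re.I),
    "subquery": re.compile(r"\bSELECT\b.+?\bFROM\b", re.I | re.S),
    "sql_comment": re.compile(r"--\s|#|/\*"),
    "where_clause": re.compile(r"\bWHERE\b", re.I),
}
# Allowlist (assumption): a WordPress locale code such as en_GB or de_DE_formal.
LOCALE_RE = re.compile(r"^[a-z]{2,3}(_[A-Za-z]{2,10})*$")


def inspect_post(path, body):
    """Return [(value, [reasons])] for suspicious language values; [] when clean.

    Only the TranslatePress settings save (option_page=trp_settings) is inspected,
    and only the language parameter, because that is the injection point.
    """
    if path != TARGET_PATH:
        return []
    params = parse_qs(body, keep_blank_values=True)  # decodes %5B..%5D and '+'
    if params.get("option_page") != ["trp_settings"]:
        return []
    findings = []
    for value in params.get(LANG_KEY, []):
        reasons = [name for name, rx in SQLI_PATTERNS.items() if rx.search(value)]
        if not LOCALE_RE.match(value):
            reasons.append("not_a_locale")
        if reasons:
            findings.append((value, reasons))
    return findings


# Constructed sample bodies, form-encoded as the browser would send them.
BENIGN_BODY = ("option_page=trp_settings&action=update"
               "&trp_settings%5Btranslation-languages%5D%5B%5D=en_GB"
               "&trp_settings%5Btranslation-languages%5D%5B%5D=de_DE")
ATTACK_BODY = ("option_page=trp_settings&action=update"
               "&trp_settings%5Btranslation-languages%5D%5B%5D=en_GB+WHERE+4372%3D4372"
               "+AND+%28SELECT+6967+FROM+%28SELECT%28SLEEP%285%29%29%29ZDtR%29--+bsZU")

if __name__ == "__main__":
    for name, body in (("benign", BENIGN_BODY), ("attack", ATTACK_BODY)):
        print(name, inspect_post(TARGET_PATH, body))
```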
No detection rules found.
No writeups or analysis indexed.
References:
- http://packetstormsecurity.com/files/171479/WordPress-Translatepress-Multilingual-SQL-Injection.html
- https://medium.com/%40elias.hohl/authenticated-sql-injection-vulnerability-in-translatepress-multilingual-wordpress-plugin-effc08eda514
- https://wpscan.com/vulnerability/1fa355d1-cca8-4b27-9d21-0b420a2e1bf3