CVE-2022-3254
Published 2022-10-31
Priority P179 · critical · 9.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW exploit · VulnCheck KEV
Exploited in the wild
EPSS: 5.10% (91.3rd percentile)
The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| strategy11 | awp_classifieds | < 4.3 | 4.3 |
Detection & IOCs (extracted from sources)
url: /wp-admin/admin-ajax.php?action=awpcp-get-regions-options&context=search&parent_type=country&parent=test&type=id`+FROM+wp_users+WHERE+1=0+UNION+SELECT+VERSION();--+-
path: plugins/another-wordpress-classifieds-plugin/
- The vulnerable AJAX action is `awpcp-get-regions-options`, triggered via GET request to wp-admin/admin-ajax.php with no authentication required. The `type` parameter is injectable.
- A successful SQL injection response returns HTTP 200 with a JSON body containing both `options` and `status` keys, and `options` is neither false nor an empty array.
- Exploit requires the premium module of the AWP Classifieds plugin to be active; scan for plugin path `plugins/another-wordpress-classifieds-plugin/` to identify targets.
- Exploitation requires a specific premium module of the WordPress Classifieds Plugin (AWP Classifieds) to be active; the vulnerability is not exploitable on installations using only the free/base plugin.
CVSS provenance
NVD (v3.1): 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheck: 9.8 CRITICAL
GHSA
GHSA-xm5j-qjxj-574h: The WordPress Classifieds Plugin WordPress plugin before 4
ghsa_unreviewed · 2022-10-31 · CRITICAL · CWE-89
VulnCheck
strategy11 awp_classifieds: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck · 2022 · CVSS 9.8 · CRITICAL
Affected: strategy11 awp_classifieds
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://tracker.crowdsec.net/cves/CVE-2022-3254
No detection rules found.
Nuclei
AWP Classifieds <= 4.2.1 - Unauthenticated SQL Injection
nuclei · CVSS 9.8 · CRITICAL
WordPress Classifieds Plugin before 4.3 contains a SQL injection caused by improper sanitization and escaping of parameters in an AJAX action, letting unauthenticated attackers execute arbitrary SQL commands; exploitation requires the premium module to be active.
Template:
```yaml
id: CVE-2022-3254
info:
  name: AWP Classifieds <= 4.2.1 - Unauthenticated SQL Injection
  author: Shivam Kamboj
  severity: critical
  description: |
    WordPress Classifieds Plugin before 4.3 contains a SQL injection caused by improper sanitization and escaping of parameters in an AJAX action, letting unauthenticated attackers execute arbitrary SQL commands, exploit requires the premium module to be active.
  remediation: |
    Update to version 4.3 or later.
  impact: |
    Attackers c
```
No writeups or analysis indexed.
2022-10-31: Published
Exploited in the wild