Published: 19/09/2022 Updated: 07/11/2023

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

The Translate Multilingual sites WordPress plugin prior to 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cozmoslabs translatepress

Authenticated SQL injection vulnerability in "Translatepress Multilingual" Wordpress plugin

translatepress-exploit Authenticated SQL injection vulnerability in "Translatepress Multilingual" Wordpress plugin mediumcom/@eliashohl/authenticated-sql-injection-vulnerability-in-translatepress-multilingual-wordpress-plugin-effc08eda514 This vulnerability has been assigned CVE-2022-3141 nvdnistgov/vuln/detail/CVE-2022-3141 Start a new Wordpres

CWE-89 https://wpscan.com/vulnerability/1fa355d1-cca8-4b27-9d21-0b420a2e1bf3 http://packetstormsecurity.com/files/171479/WordPress-Translatepress-Multilingual-SQL-Injection.html https://medium.com/%40elias.hohl/authenticated-sql-injection-vulnerability-in-translatepress-multilingual-wordpress-plugin-effc08eda514 https://nvd.nist.gov https://github.com/ehtec/translatepress-exploit

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-3141

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect