Vulnerability
Import all XML, CSV & TXT into WordPress < 6.5.8 – Admin+ SQLi
Description
The plugin does not properly sanitise and escape imported data before using it in SQL statements, leading to SQL injection exploitable by high-privilege users such as admin.
CVE-ID
CVE-2022-3243
Vendor
Smackcoders
Product
WP Ultimate CSV Importer
Disclosure Timeline
Reported On: 27-07-2022
Made Public On: 20-9-2022
Fixed On: 26-08-2022
Credit
Sanjay Das