Technical Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

Technical Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

Import all XML, CSV & TXT into WordPress < 6.5.8 – Admin+ SQLi

Vulnerability

Import all XML, CSV & TXT into WordPress < 6.5.8 – Admin+ SQLi

Description

The plugin does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin

CVE-ID

CVE-2022-3243

Vendor

Smackcoders

Product

WP Ultimate CSV Importer

Disclosure Timeline

Reported On: 27-07-2022

Made Public On: 20-9-2022

Fixed On: 26-08-2022

Credit
Sanjay Das
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Let’s make cyberspace secure together!

Requirements

What our clients are saying!

Trusted by