CVE-2022-3141

CVE-2022-3141: Translatepress Multilinugal < 2.3.3 - Admin+ SQLi

Vendor Unknown

Product Translate Multilingual sites – TranslatePress

Weakness CWE-89 · SQLi

Published September 19, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.

Key dates

02Disclosure timeline

September 19, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-3141 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2023-51637 Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability CVE-2025-4793 PHPGurukul Online Course Registration edit-student-profile.php sql injection CVE-2024-6268 lahirudanushka School Management System Login Page login.php sql injection CVE-2023-2815 SourceCodester Online Jewelry Store POST Parameter supplier.php sql injection CVE-2024-25902 WordPress Malware Scanner Plugin <= 4.7.2 is vulnerable to SQL Injection