CVE-2022-3243

CVE-2022-3243: Import all XML, CSV & TXT into WordPress < 6.5.8 - Admin+ SQLi

Vendor Unknown

Product Import all XML, CSV & TXT into WordPress

Weakness CWE-89 · SQLi

Published October 17, 2022

Last update May 14, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin

Key dates

02Disclosure timeline

October 17, 2022 CVE published

May 14, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-3243 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2025-47575 WordPress School Management plugin <= 92.0.0 - SQL Injection vulnerability CVE-2025-10111 itsourcecode Student Information Management System index.php sql injection CVE-2024-7370 SourceCodester Simple Realtime Quiz System manage_quiz.php sql injection CVE-2023-2048 Campcodes Advanced Online Voting System voters_row.php sql injection CVE-2025-43022 Poly Clariti Manager - Multiple Security Vulnerabilities