CVE-2022-3254

CVE-2022-3254: AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi

Vendor Unknown
Product WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds
Weakness CWE-89 · SQLi
Published October 31, 2022
Last update May 6, 2025

CVSS base score

What the vulnerability does

01Description

The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection

Key dates

02Disclosure timeline

October 31, 2022 CVE published
May 6, 2025 Record updated