CVE-2022-3494

CVE-2022-3494: Complianz (Free < 6.3.4, Premium < 6.3.6) - Translator SQLi

Vendor Unknown
Product Complianz – GDPR/CCPA Cookie Consent
Weakness CWE-89 · SQLi
Published November 7, 2022
Last update May 1, 2025

CVSS base score

What the vulnerability does

01Description

The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 allow a translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins such as Loco Translate or WPML.

Key dates

02Disclosure timeline

November 7, 2022 CVE published
May 1, 2025 Record updated