First published: Mon Oct 31 2022
The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement. The statement is reachable via an AJAX action that is available to unauthenticated users when a specific premium module is active, leading to SQL injection.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Awpcp Another Wordpress Classifieds Plugin | <4.3 | |
Strategy11 Awp Classifieds Wordpress | <4.3 | |
The severity of CVE-2022-3254 is critical.
CVE-2022-3254 affects WordPress Classifieds Plugin versions before 4.3.
CVE-2022-3254 can lead to SQL injection.
To fix CVE-2022-3254, update the WordPress Classifieds Plugin to version 4.3 or later.
Yes, CVE-2022-3254 can be exploited by unauthenticated users.