CVE-2022-1800

State: PUBLISHED · Published: 2022-06-13 · Updated: 2024-08-03 · Assigner: WPScan

Description

The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability.

CWE

CWE-89 — CWE-89 SQL Injection

Affected

Unknown / Export any WordPress data to XML/CSV — v=1.3.5 <1.3.5 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/4267109c-0ca2-441d-889d-fb39c235f128 x_refsource_MISC

Source

cvelistV5-main/cves/2022/1xxx/CVE-2022-1800.json