CVE-2022-25811

State: PUBLISHED · Published: 2022-08-22 · Updated: 2024-08-03 · Assigner: WPScan

Description

The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection

CWE

CWE-89 — CWE-89 SQL Injection

Affected

Unknown / Transposh WordPress Translation — v=1.0.8 ≤1.0.8 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/0e0d2c5f-3396-4a0a-a5c6-6a98de3802c9 x_refsource_MISC

Source

cvelistV5-main/cves/2022/25xxx/CVE-2022-25811.json