CVE-2022-3254

State: PUBLISHED · Published: 2022-10-31 · Updated: 2025-05-06 · Assigner: WPScan

Description

The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection

CWE

CWE-89 — CWE-89 SQL Injection

Affected

Unknown / WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds — v=4.3 <4.3 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/546c47c2-5b4b-46db-b754-c6b43aef2660

Source

cvelistV5-main/cves/2022/3xxx/CVE-2022-3254.json