CVE-2022-3243

{"id": "CVE-2022-3243", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2022-10-17T12:15:10.597", "references": [{"url": "https://wpscan.com/vulnerability/9f03bc1a-214f-451a-89fd-2cd3517e8f8a", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin"}, {"lang": "es", "value": "El plugin Import all XML, CSV & TXT de WordPress versiones anteriores a 6.5.8, no sanea y escapa apropiadamente de los datos importados antes de usarlos en las sentencias SQL, conllevando a una inyecci\u00f3n SQL que puede ser explotada por usuarios con altos privilegios, como el administrador"}], "lastModified": "2023-06-07T15:06:18.073", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:smackcoders:import_all_pages\\,_post_types\\,_products\\,_orders\\,_and_users_as_xml_\\&_csv:*:*:*:*:wordpress:*:*:*", "vulnerable": true, "matchCriteriaId": "00F99057-7DDD-4C18-B8A3-B6FAE83B2820", "versionEndExcluding": "6.5.8"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}