CVE-2022-1023

HIGH

Podcast Importer SecondLine < 1.3.8 - SQL Injection via Malicious Podcast File Import

Title source: llm
STIX 2.1

Description

The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious podcast file

References (2)

Core 2
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/163069cd-98a8-4cfb-8b58-a6727a7d5c48
Patch, Third Party Advisory x_refsource_confirm
https://plugins.trac.wordpress.org/changeset/2696254

Scores

CVSS v3 7.2
EPSS 0.0146
EPSS Percentile 70.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
secondlinethemes/podcast_importer_secondline < 1.3.8
Published Apr 11, 2022
Tracked Since Feb 18, 2026