CVE-2022-3243

HIGH

Import all XML, CSV & TXT WordPress plugin < 6.5.8 - Authenticated SQL Injection

Title source: llm
STIX 2.1

Description

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin

References (1)

Core 1
Core References

Scores

CVSS v3 7.2
EPSS 0.0099
EPSS Percentile 58.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
smackcoders/import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv < 6.5.8
Published Oct 17, 2022
Tracked Since Feb 18, 2026