CVE-2022-3494
- Reference to the description:
- Description:
- The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 allow a translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins such as Loco Translate or WPML.
- Last updated date:
- 11/10/2022
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 11/10/2022
- Reference url to background
https://wpscan.com/vulnerability/71db75c0-5907-4237-884f-8db88b1a9b34