Vulnerabilities > CVE-2022-3494 - Unspecified vulnerability in Really-Simple-Plugins Complianz

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

really-simple-plugins

NVD

Published: 2022-11-07

Updated: 2024-11-21

Summary

The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 allow a translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins such as Loco Translate or WPML.

Vulnerable Configurations

Part	Description	Count
Application	Really-Simple-Plugins Really Simple Plugins Complianz *	2

References

https://wpscan.com/vulnerability/71db75c0-5907-4237-884f-8db88b1a9b34
https://wpscan.com/vulnerability/71db75c0-5907-4237-884f-8db88b1a9b34