cve/2022/CVE-2022-3243.md

2024-05-25 21:48:12 +02:00
### [CVE-2022-3243](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3243)
![](https://img.shields.io/static/v1?label=Product&message=Import%20all%20XML%2C%20CSV%20%26%20TXT%20into%20WordPress&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%206.5.8&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brightgreen)
### Description
The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using it in SQL statements, leading to SQL injection exploitable by high-privilege users such as admin.
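The defect class above (imported field values spliced into SQL text instead of being bound as parameters) is illustrated by the following added example. It is not the plugin's code and does not reproduce its queries; the table name `products`, the CSV columns, and the helper names `parse_csv`, `unsafe_insert_sql` and `import_rows` are assumptions. It uses PDO over an in-memory SQLite database so it runs stand-alone with the `php` CLI; the WordPress equivalent of the safe path is `$wpdb->prepare()` or `$wpdb->insert()`.

```php
<?php
// Added example, not the plugin's own code: importing CSV rows into a table.
// Contrasts string-spliced SQL with a prepared statement. PDO + in-memory
// SQLite stand in for $wpdb so the script runs outside WordPress.

declare(strict_types=1);

// Constructed sample import file. The second title contains a single quote,
// which an unescaped INSERT treats as SQL syntax rather than as data.
$csv = <<<CSV
title,sku
"Blue Widget","BW-100"
"O'Reilly Gadget","OG-200"
CSV;

// Parse the CSV text into associative rows keyed by the header line.
function parse_csv(string $text): array {
    $lines  = array_values(array_filter(explode("\n", $text), fn($l) => trim($l) !== ''));
    $header = str_getcsv(array_shift($lines));
    $rows   = [];
    foreach ($lines as $line) {
        $rows[] = array_combine($header, str_getcsv($line));
    }
    return $rows;
}

// Unsafe pattern (the class of defect in the advisory): imported values are
// interpolated into the statement text, so the data can change the SQL.
function unsafe_insert_sql(array $row): string {
    return "INSERT INTO products (title, sku) VALUES ('{$row['title']}', '{$row['sku']}')";
}

// Safe pattern: named placeholders keep imported values as bound parameters.
// Returns the number of rows inserted.
function import_rows(PDO $db, array $rows): int {
    $stmt = $db->prepare('INSERT INTO products (title, sku) VALUES (:title, :sku)');
    $n = 0;
    foreach ($rows as $row) {
        $stmt->execute([':title' => $row['title'], ':sku' => $row['sku']]);
        $n++;
    }
    return $n;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, title TEXT NOT NULL, sku TEXT NOT NULL)');

$rows = parse_csv($csv);

// The unsafe build: the apostrophe in "O'Reilly" terminates the string literal,
// so the database parses part of the imported data as SQL and rejects it.
try {
    $db->exec(unsafe_insert_sql($rows[1]));
    echo "Unsafe insert unexpectedly succeeded\n";
} catch (PDOException $e) {
    echo "Unsafe insert failed: imported data was parsed as SQL syntax\n";
}

// The prepared statement stores the same value verbatim.
$count = import_rows($db, $rows);
echo "Imported {$count} rows with a prepared statement:\n";
foreach ($db->query('SELECT id, title, sku FROM products ORDER BY id') as $r) {
    printf("  %d | %s | %s\n", $r['id'], $r['title'], $r['sku']);
}
```

In a WordPress plugin the same separation of data from SQL text is `$wpdb->prepare( "INSERT INTO {$wpdb->prefix}products (title, sku) VALUES (%s, %s)", $title, $sku )` followed by `$wpdb->query()`, or simply `$wpdb->insert( $table, array( 'title' => $title, 'sku' => $sku ) )`, which escapes values itself. Capability checks on the import endpoint limit who can trigger the code path, but they do not replace parameter binding, since the advisory's attacker is already a high-privilege user.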
### POC
#### Reference
- https://wpscan.com/vulnerability/9f03bc1a-214f-451a-89fd-2cd3517e8f8a
#### Github
No PoCs found on GitHub currently.