Complianz (Free < 6.3.4, Premium < 6.3.6) - Translator SQLi
CVE-2022-3494

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Complianz – Gdpr/ccpa Cookie Consent; Complianz Premium
Vendor: CVE Published:; 7 November 2022

Summary

The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 allow a translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins such as Loco Translate or WPML.

Affected Version(s)

Complianz – GDPR/CCPA Cookie Consent 6.3.4

Complianz Premium 6.3.6

References

https://wpscan.com/vulnerability/71db75c0-5907-4237-884f-...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 7, 2022
Vulnerability Reserved
Oct 13, 2022

Credit

Sakri Rafael Koskimies (saggre)