cvedb.io
CVE-2022-3141
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2022-09-19T14:15:11.307 · Last modified 2026-06-17T04:58:56.603

Summary

The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.

Affected products

cozmoslabs — translatepress

Does this affect you?

Add your gear to cvedb and we'll alert you only when cozmoslabs ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.