Translate Multilingual sites – TranslatePress, CVE-2022-3141

CVE, Research URL: CVE-2022-3141
Home page URL: Security reports for Translate Multilingual sites – TranslatePress
Application: Translate Multilingual sites – TranslatePress
Published on: Sep 19, 2022
Research Description: The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.
Affected versions: Min -, max 2.3.3.
Status: vulnerable

Translate Multilingual sites &#8211; TranslatePress, CVE-2022-3141