WordPress Plugin Vulnerabilities

3xSocializer <= 0.98.22 - Subscriber+ SQLi

Description

The plugin does not sanitise and escape some parameter before using them in SQL statements, leading to SQL Injections

Affects Plugins

Plugin icon
3xsocializer
No known fix

References

CVE
CVE-2022-29419

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
6.3 (medium)

Miscellaneous

Original Researcher
Lenon Leite
Verified
No
WPVDB ID
25600f02-d9fd-4fc8-bab0-370791bc5b16

Timeline

Publicly Published
2022-04-25 (about 4 years ago)
Added
2022-04-25 (about 4 years ago)
Last Updated
2022-04-27 (about 4 years ago)

Other

Published
Title
Published
2017-07-06
Title
DSubscribers <= 1.2 - Authenticated SQL Injection
Published
2024-10-15
Title
Surfer < 1.6.0.523 - Authenticated (Administrator+) SQL Injection
Published
2025-01-03
Title
Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Authenticated (Subscriber+) SQL Injection
Published
2021-10-14
Title
WP Fastest Cache < 0.9.5 - Subscriber+ SQL Injection
Published
2026-03-25
Title
JS Help Desk – AI-Powered Support & Ticketing System < 3.0.5 - Unauthenticated SQL Injection via 'multiformid' Parameter