SQL Injection in Wordpress Classifieds Plugin – Ad Directory & Listings By Awp

CVE-2022-3254

The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium modul…

Vulnerability class: SQL Injection

EPSS: 0.866 (99.4th percentile)

Affected products

  • Unknown Wordpress Classifieds Plugin – Ad Directory & Listings By Awp — versions 4.3

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2022-3254?
CVE-2022-3254 is a vulnerability in Wordpress Classifieds Plugin – Ad Directory & Listings By Awp, classified under SQL Injection. Published 2022-10-31.

Is CVE-2022-3254 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.