CVE-2022-29419

WordPress 3xSocializer plugin <= 0.98.22 - Authenticated SQL Injection (SQLi) vulnerability

Description

SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher.

Remediation

Solution:

Deactivate and delete. No patched version is available. This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress. The last plugin version was released in the 2012 year.

References

Link	Tags
https://wordpress.org/plugins/3xsocializer/	product third party advisory
https://patchstack.com/database/vulnerability/3xsocializer/wordpress-3xsocializer-plugin-0-98-22-authenticated-sql-injection-sqli-vulnerability	product third party advisory

Frequently Asked Questions

What is the severity of CVE-2022-29419?: CVE-2022-29419 has been scored as a medium severity vulnerability.
How to fix CVE-2022-29419?: To fix CVE-2022-29419: Deactivate and delete. No patched version is available. This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress. The last plugin version was released in the 2012 year.
Is CVE-2022-29419 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-29419 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-29419?: CVE-2022-29419 affects Don Crowther 3xSocializer (WordPress plugin).

Description

Remediation

Category

CWE-89 – Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

References

Frequently Asked Questions