PT-2022-20734 · WordPress · Translate Multilingual Sites

Elias Hohl

·

Published

2022-09-19

·

Updated

2023-03-27

·

CVE-2022-3141

CVSS v3.1

8.8

High

Vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Translate Multilingual sites WordPress plugin, versions prior to 2.3.3
Description: The issue allows an authenticated SQL injection. A language added via the settings page is used as an identifier in a SQL query; a language name containing specific special characters can escape the backticks that quote that identifier, so the remainder of the name is parsed as SQL and a time-based blind payload can be injected.
Recommendations: For versions prior to 2.3.3, update to version 2.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings page to minimize the risk of exploitation. Avoid using special characters when adding new languages until the issue is resolved.
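The following is an added example, not code from the plugin or from this advisory, that reproduces the mechanism described above and shows the fix a maintainer would apply. The schema (one column per language), the language-code allow-list, and the function names are assumptions made for the demonstration. SQLite is used because it accepts MySQL-style backtick-quoted identifiers, so the backtick breakout can be observed offline; on MySQL the same injection point would take a SLEEP()-based expression, which is what makes the reported issue time-based blind, whereas this constructed payload reads a value so the effect is directly visible.

```python
import re
import sqlite3

# Constructed stand-in for the plugin's database. The real plugin's schema is
# not given on the advisory page, so this layout (one column per language) is
# an assumption made for the demonstration only.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE translations (id INTEGER PRIMARY KEY, en TEXT);"
        "INSERT INTO translations VALUES (1, 'Hello');"
        "CREATE TABLE wp_users (user_login TEXT, user_pass TEXT);"
        "INSERT INTO wp_users VALUES ('admin', 'constructed-hash');"
    )
    return conn


def build_vulnerable_sql(lang: str, row_id: int) -> str:
    # The identifier is spliced straight between backticks. A language name
    # containing a backtick terminates the identifier early and the rest of
    # the name is parsed as SQL, which is the breakout the advisory describes.
    return f"SELECT `{lang}` FROM translations WHERE id = {int(row_id)}"


def lookup_vulnerable(conn: sqlite3.Connection, lang: str, row_id: int):
    return conn.execute(build_vulnerable_sql(lang, row_id)).fetchone()


# Assumed allow-list for language codes: 2-3 lowercase letters with an optional
# region/script subtag ("en", "pt_BR", "zh-Hant"). The plugin's own rules are
# not on the page; tighten this to whatever the application actually accepts.
LANG_RE = re.compile(r"[a-z]{2,3}(?:[_-][A-Za-z]{2,8})?")


def validate_language(lang: str) -> str:
    if not LANG_RE.fullmatch(lang):
        raise ValueError(f"rejected language code: {lang!r}")
    return lang


def quote_identifier(name: str) -> str:
    # MySQL and SQLite both read a doubled backtick inside a backtick-quoted
    # identifier as a literal backtick, so the name can never close the quotes.
    return "`" + name.replace("`", "``") + "`"


def build_hardened_sql(lang: str) -> str:
    # Validate first (defence in depth), then quote. Data values are bound as
    # parameters; identifiers cannot be bound, hence the explicit quoting.
    col = quote_identifier(validate_language(lang))
    return f"SELECT {col} FROM translations WHERE id = ?"


def lookup_hardened(conn: sqlite3.Connection, lang: str, row_id: int):
    return conn.execute(build_hardened_sql(lang), (row_id,)).fetchone()


def quoting_alone_neutralizes(conn: sqlite3.Connection, lang: str) -> bool:
    # Even without the allow-list, escaping the backticks keeps the whole name
    # inside the identifier: the payload is treated as a column name, which
    # does not exist, and the query fails instead of executing attacker SQL.
    sql = f"SELECT {quote_identifier(lang)} FROM translations WHERE id = 1"
    try:
        conn.execute(sql)
    except sqlite3.OperationalError:
        return True
    return False


# Constructed language name: closes the backtick, appends a subquery that reads
# another table, and comments out the rest of the original statement.
PAYLOAD = "en`, (SELECT user_pass FROM wp_users LIMIT 1) AS leak FROM translations -- "


if __name__ == "__main__":
    db = make_db()
    print(build_vulnerable_sql(PAYLOAD, 1))
    print(lookup_vulnerable(db, PAYLOAD, 1))      # ('Hello', 'constructed-hash')
    print(lookup_hardened(db, "en", 1))            # ('Hello',)
    try:
        lookup_hardened(db, PAYLOAD, 1)
    except ValueError as exc:
        print(exc)                                 # rejected language code: ...
    print(quoting_alone_neutralizes(db, PAYLOAD))  # True
```

In a WordPress plugin the equivalent fix is to validate the language against an allow-list before it reaches `$wpdb`, and to quote the identifier rather than interpolate it; `$wpdb->prepare()` only binds values, although WordPress 6.2 added the `%i` placeholder for identifiers. Note that the allow-list, not the quoting, is what should be relied on: quoting stops the breakout, but a permissive regex would still let odd names reach the schema.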

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2022-3141

Affected Products

Translate Multilingual Sites