CVE-2022-1023

high

Description

The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious podcast file

References

https://wpscan.com/vulnerability/163069cd-98a8-4cfb-8b58-a6727a7d5c48

https://plugins.trac.wordpress.org/changeset/2696254

Details

Source: Mitre, NVD

Published: 2022-04-11

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.2

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00283