Search criteria
1 vulnerability by 3xsocializer_project
CVE-2022-29419 (GCVE-0-2022-29419)
Vulnerability from cvelistv5 – Published: 2022-04-25 16:55 – Updated: 2026-04-28 16:07
VLAI
Title
WordPress 3xSocializer plugin <= 0.98.22 - Authenticated SQL Injection (SQLi) vulnerability
Summary
SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher.
Severity
6 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/3xsocializer/ | x_refsource_CONFIRM |
| https://patchstack.com/database/vulnerability/3xs… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Don Crowther | 3xSocializer (WordPress plugin) |
Affected:
<= 0.98.22 , ≤ 0.98.22
(custom)
|
Date Public
2022-04-25 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:55.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/plugins/3xsocializer/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/3xsocializer/wordpress-3xsocializer-plugin-0-98-22-authenticated-sql-injection-sqli-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29419",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:31:10.971735Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T20:25:32.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "3xSocializer (WordPress plugin)",
"vendor": "Don Crowther",
"versions": [
{
"lessThanOrEqual": "0.98.22",
"status": "affected",
"version": "\u003c= 0.98.22",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Lenon Leite (Patchstack Alliance)"
}
],
"datePublic": "2022-04-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection (SQLi) vulnerability in Don Crowther\u0027s 3xSocializer plugin \u003c= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:07:42.009Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/plugins/3xsocializer/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://patchstack.com/database/vulnerability/3xsocializer/wordpress-3xsocializer-plugin-0-98-22-authenticated-sql-injection-sqli-vulnerability"
}
],
"solutions": [
{
"lang": "en",
"value": "Deactivate and delete. No patched version is available. This plugin hasn\u2019t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress. The last plugin version was released in the 2012 year."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress 3xSocializer plugin \u003c= 0.98.22 - Authenticated SQL Injection (SQLi) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-04-25T11:34:00.000Z",
"ID": "CVE-2022-29419",
"STATE": "PUBLIC",
"TITLE": "WordPress 3xSocializer plugin \u003c= 0.98.22 - Authenticated SQL Injection (SQLi) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "3xSocializer (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "\u003c= 0.98.22",
"version_value": "0.98.22"
}
]
}
}
]
},
"vendor_name": "Don Crowther"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Lenon Leite (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection (SQLi) vulnerability in Don Crowther\u0027s 3xSocializer plugin \u003c= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/3xsocializer/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/3xsocializer/"
},
{
"name": "https://patchstack.com/database/vulnerability/3xsocializer/wordpress-3xsocializer-plugin-0-98-22-authenticated-sql-injection-sqli-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/3xsocializer/wordpress-3xsocializer-plugin-0-98-22-authenticated-sql-injection-sqli-vulnerability"
}
]
},
"solution": [
{
"lang": "en",
"value": "Deactivate and delete. No patched version is available. This plugin hasn\u2019t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress. The last plugin version was released in the 2012 year."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-29419",
"datePublished": "2022-04-25T16:55:13.084Z",
"dateReserved": "2022-04-18T00:00:00.000Z",
"dateUpdated": "2026-04-28T16:07:42.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}