
CVE-2022-3243: CWE-89 SQL Injection in Unknown Import all XML, CSV & TXT into WordPress

High
Tags: Vulnerability, CVE-2022-3243, CWE-89
Published: Mon Oct 17 2022 (10/17/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: Unknown
Product: Import all XML, CSV & TXT into WordPress

Description

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using it in SQL statements, leading to SQL injection exploitable by high-privilege users such as admins.

AI-Powered Analysis

Last updated: 07/06/2025, 13:25:24 UTC

Technical Analysis

CVE-2022-3243 is a high-severity SQL Injection vulnerability (CWE-89) found in the WordPress plugin "Import all XML, CSV & TXT into WordPress" versions prior to 6.5.8. The vulnerability arises because the plugin fails to properly sanitize and escape imported data before incorporating it into SQL queries. This improper handling allows an attacker with high privileges—specifically users with administrative rights—to inject malicious SQL code. The injection can lead to unauthorized access, data manipulation, or deletion within the WordPress database. Since the vulnerability requires high privilege access and no user interaction, it primarily threatens the integrity, confidentiality, and availability of the WordPress site's data. The CVSS 3.1 base score is 7.2, indicating a high severity with network attack vector, low attack complexity, high privileges required, no user interaction, and impacts on confidentiality, integrity, and availability. Although no known exploits are reported in the wild, the vulnerability poses a significant risk to sites using this plugin without the patched version 6.5.8 or later. The plugin is used to import data in XML, CSV, and TXT formats, which are common formats for bulk content import, making this vulnerability relevant for sites that rely on automated or bulk data import processes. The vulnerability was published on October 17, 2022, and has been enriched by CISA, indicating recognition by US cybersecurity authorities.
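As an added illustration of the flaw class described above (example code written for this page, not taken from the plugin), a hypothetical import handler is shown in its vulnerable form and a hardened form. The table name, column names and sample row are placeholders; the code assumes a WordPress runtime providing $wpdb, sanitize_text_field() and WP_Error.

```php
<?php
// Added illustration (not the plugin's code): a hypothetical import handler
// that writes one parsed CSV row into a custom table. Assumes a WordPress
// runtime where the global $wpdb is available; table and column names are
// placeholders.

// Vulnerable pattern: imported field values are concatenated straight into SQL.
// Any quote character in the import file changes the statement's structure.
function import_row_unsafe( array $row ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_import'; // placeholder table name
    $sql   = "INSERT INTO {$table} (title, sku) VALUES ('{$row['title']}', '{$row['sku']}')";
    return $wpdb->query( $sql );
}

// Hardened pattern: validate the shape of the row, then let $wpdb->prepare()
// bind the values so the data can never be interpreted as SQL syntax.
function import_row_safe( array $row ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_import'; // placeholder table name

    // Whitelist expected columns and enforce basic constraints before any SQL.
    $title = isset( $row['title'] ) ? sanitize_text_field( $row['title'] ) : '';
    $sku   = isset( $row['sku'] ) ? sanitize_text_field( $row['sku'] ) : '';
    if ( $title === '' || ! preg_match( '/^[A-Za-z0-9\-]{1,32}$/', $sku ) ) {
        return new WP_Error( 'invalid_row', 'Rejected import row with unexpected field format.' );
    }

    // %s placeholders are escaped and quoted by prepare(); the identifier
    // (table name) comes only from trusted code, never from the import file.
    $sql = $wpdb->prepare(
        "INSERT INTO {$table} (title, sku) VALUES (%s, %s)",
        $title,
        $sku
    );
    return $wpdb->query( $sql );
}

// Constructed sample row: a legitimate value containing an apostrophe.
// The unsafe version turns this into a malformed statement (a SQL error that
// monitoring should flag); the safe version stores it verbatim.
$sample_row = array( 'title' => "O'Brien's Guide", 'sku' => 'OBG-001' );
import_row_safe( $sample_row );
```

For simple inserts, $wpdb->insert( $table, $data, $format ) achieves the same value binding without hand-written SQL.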

Potential Impact

For European organizations running WordPress websites that utilize the "Import all XML, CSV & TXT into WordPress" plugin, this vulnerability can have serious consequences. An attacker with administrative access could exploit this flaw to execute arbitrary SQL commands, potentially leading to data breaches, unauthorized data modification, or complete database compromise. This could result in leakage of sensitive customer data, defacement of websites, disruption of services, and loss of trust. Given the widespread use of WordPress across Europe for business, government, and e-commerce sites, the impact can be significant, especially for organizations handling personal data under GDPR regulations. Exploitation could lead to regulatory penalties and reputational damage. The requirement for high privilege access limits the attack surface to insiders or compromised admin accounts, but insider threats or credential theft remain realistic risks. The lack of user interaction needed means that once an attacker has admin access, exploitation can be automated and stealthy. The vulnerability also threatens the availability of services if attackers delete or corrupt database content. Overall, the vulnerability poses a high risk to the confidentiality, integrity, and availability of affected WordPress sites in Europe.

Mitigation Recommendations

1. Immediate upgrade: European organizations should promptly update the "Import all XML, CSV & TXT into WordPress" plugin to version 6.5.8 or later, where the vulnerability is patched.
2. Privilege management: Restrict administrative privileges strictly to trusted personnel and implement strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of credential compromise.
3. Monitoring and auditing: Enable detailed logging and monitor for unusual administrative activities or unexpected SQL errors that could indicate exploitation attempts.
4. Input validation: Although the patch addresses sanitization, organizations should implement additional input validation and sanitization controls at the application or web application firewall (WAF) level to detect and block malicious payloads in imported files.
5. Limit import sources: Restrict the sources and formats of files imported via the plugin to trusted origins and scan all import files for malicious content before processing.
6. Backup and recovery: Maintain regular, secure backups of WordPress databases and files to enable rapid recovery in case of compromise.
7. Security awareness: Train administrators on the risks of privilege misuse and the importance of secure handling of import files.
8. Incident response: Prepare incident response plans specifically addressing potential SQL injection exploitation scenarios in WordPress environments.


Technical Details

Data Version
5.1
Assigner Short Name
WPScan
Date Reserved
2022-09-20T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682cd0fb1484d88663aec852

Added to database: 5/20/2025, 6:59:07 PM

Last enriched: 7/6/2025, 1:25:24 PM

Last updated: 8/16/2025, 5:05:36 AM

