Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by 3xsocializer_project
CVE-2022-29419 (GCVE-0-2022-29419)
Vulnerability from nvd – Published: 2022-04-25 16:55 – Updated: 2026-04-28 16:07
VLAI
Title
WordPress 3xSocializer plugin <= 0.98.22 - Authenticated SQL Injection (SQLi) vulnerability
Summary
SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher.
Severity
6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - SQL Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/3xsocializer/ | x_refsource_CONFIRM |
| https://patchstack.com/database/vulnerability/3xs… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Don Crowther | 3xSocializer (WordPress plugin) |
Affected:
<= 0.98.22 , ≤ 0.98.22
(custom)
|
Date Public
2022-04-25 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:55.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/plugins/3xsocializer/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/3xsocializer/wordpress-3xsocializer-plugin-0-98-22-authenticated-sql-injection-sqli-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29419",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:31:10.971735Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T20:25:32.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "3xSocializer (WordPress plugin)",
"vendor": "Don Crowther",
"versions": [
{
"lessThanOrEqual": "0.98.22",
"status": "affected",
"version": "\u003c= 0.98.22",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Lenon Leite (Patchstack Alliance)"
}
],
"datePublic": "2022-04-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection (SQLi) vulnerability in Don Crowther\u0027s 3xSocializer plugin \u003c= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:07:42.009Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/plugins/3xsocializer/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://patchstack.com/database/vulnerability/3xsocializer/wordpress-3xsocializer-plugin-0-98-22-authenticated-sql-injection-sqli-vulnerability"
}
],
"solutions": [
{
"lang": "en",
"value": "Deactivate and delete. No patched version is available. This plugin hasn\u2019t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress. The last plugin version was released in the 2012 year."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress 3xSocializer plugin \u003c= 0.98.22 - Authenticated SQL Injection (SQLi) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-04-25T11:34:00.000Z",
"ID": "CVE-2022-29419",
"STATE": "PUBLIC",
"TITLE": "WordPress 3xSocializer plugin \u003c= 0.98.22 - Authenticated SQL Injection (SQLi) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "3xSocializer (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "\u003c= 0.98.22",
"version_value": "0.98.22"
}
]
}
}
]
},
"vendor_name": "Don Crowther"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Lenon Leite (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection (SQLi) vulnerability in Don Crowther\u0027s 3xSocializer plugin \u003c= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/3xsocializer/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/3xsocializer/"
},
{
"name": "https://patchstack.com/database/vulnerability/3xsocializer/wordpress-3xsocializer-plugin-0-98-22-authenticated-sql-injection-sqli-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/3xsocializer/wordpress-3xsocializer-plugin-0-98-22-authenticated-sql-injection-sqli-vulnerability"
}
]
},
"solution": [
{
"lang": "en",
"value": "Deactivate and delete. No patched version is available. This plugin hasn\u2019t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress. The last plugin version was released in the 2012 year."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-29419",
"datePublished": "2022-04-25T16:55:13.084Z",
"dateReserved": "2022-04-18T00:00:00.000Z",
"dateUpdated": "2026-04-28T16:07:42.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-29419 (GCVE-0-2022-29419)
Vulnerability from cvelistv5 – Published: 2022-04-25 16:55 – Updated: 2026-04-28 16:07
VLAI
Title
WordPress 3xSocializer plugin <= 0.98.22 - Authenticated SQL Injection (SQLi) vulnerability
Summary
SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher.
Severity
6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - SQL Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/3xsocializer/ | x_refsource_CONFIRM |
| https://patchstack.com/database/vulnerability/3xs… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Don Crowther | 3xSocializer (WordPress plugin) |
Affected:
<= 0.98.22 , ≤ 0.98.22
(custom)
|
Date Public
2022-04-25 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:55.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/plugins/3xsocializer/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/3xsocializer/wordpress-3xsocializer-plugin-0-98-22-authenticated-sql-injection-sqli-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29419",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:31:10.971735Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T20:25:32.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "3xSocializer (WordPress plugin)",
"vendor": "Don Crowther",
"versions": [
{
"lessThanOrEqual": "0.98.22",
"status": "affected",
"version": "\u003c= 0.98.22",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Lenon Leite (Patchstack Alliance)"
}
],
"datePublic": "2022-04-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection (SQLi) vulnerability in Don Crowther\u0027s 3xSocializer plugin \u003c= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:07:42.009Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/plugins/3xsocializer/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://patchstack.com/database/vulnerability/3xsocializer/wordpress-3xsocializer-plugin-0-98-22-authenticated-sql-injection-sqli-vulnerability"
}
],
"solutions": [
{
"lang": "en",
"value": "Deactivate and delete. No patched version is available. This plugin hasn\u2019t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress. The last plugin version was released in the 2012 year."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress 3xSocializer plugin \u003c= 0.98.22 - Authenticated SQL Injection (SQLi) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-04-25T11:34:00.000Z",
"ID": "CVE-2022-29419",
"STATE": "PUBLIC",
"TITLE": "WordPress 3xSocializer plugin \u003c= 0.98.22 - Authenticated SQL Injection (SQLi) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "3xSocializer (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "\u003c= 0.98.22",
"version_value": "0.98.22"
}
]
}
}
]
},
"vendor_name": "Don Crowther"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Lenon Leite (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection (SQLi) vulnerability in Don Crowther\u0027s 3xSocializer plugin \u003c= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/3xsocializer/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/3xsocializer/"
},
{
"name": "https://patchstack.com/database/vulnerability/3xsocializer/wordpress-3xsocializer-plugin-0-98-22-authenticated-sql-injection-sqli-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/3xsocializer/wordpress-3xsocializer-plugin-0-98-22-authenticated-sql-injection-sqli-vulnerability"
}
]
},
"solution": [
{
"lang": "en",
"value": "Deactivate and delete. No patched version is available. This plugin hasn\u2019t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress. The last plugin version was released in the 2012 year."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-29419",
"datePublished": "2022-04-25T16:55:13.084Z",
"dateReserved": "2022-04-18T00:00:00.000Z",
"dateUpdated": "2026-04-28T16:07:42.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}