Lucene search

[email protected]NVD:CVE-2023-0600

HistoryMay 15, 2023 - 1:15 p.m.

CVE-2023-0600

2023-05-1513:15:09

[email protected]

web.nvd.nist.gov

cve-2023-0600

wp visitor statistics

sql injection

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.044

Percentile

92.5%

JSON

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.

Affected configurations

Nvd

Node

plugins-marketwp_visitor_statisticsRange<6.9wordpress

VendorProductVersionCPE
plugins-marketwp_visitor_statistics*cpe:2.3:a:plugins-market:wp_visitor_statistics:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
plugins-market	wp_visitor_statistics	*	cpe:2.3:a:plugins-market:wp_visitor_statistics::::::wordpress::*

References

wpscan.com/vulnerability/8f46df4d-cb80-4d66-846f-85faf2ea0ec4

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.044

Percentile

92.5%

JSON

Related for NVD:CVE-2023-0600

wpvulndb1 cvelist1 wpexploit1 nuclei1 prion1 cve1 wordfence1