Lucene search
HistoryMar 20, 2023 - 4:15 p.m.
CVE-2023-0875
cve-2023-0875
wordpress
sql injection
vulnerability
subscriber users
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
9
Confidence
High
EPSS
0.001
Percentile
31.1%
The WP Meta SEO WordPress plugin before 4.5.3 does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability that can be exploited by subscriber+ users.
Affected configurations
Node
joomunitedwp_meta_seoRange<4.5.3wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| joomunited | wp_meta_seo | * | cpe:2.3:a:joomunited:wp_meta_seo:*:*:*:*:*:wordpress:*:* |
Related
prion
prion
Sql injection
2023-03-20 16:15:00
cvelist
cvelist
CVE-2023-0875 WP Meta SEO < 4.5.3 - Subscriber+ SQLi
2023-03-20 15:52:21
cve
cve
CVE-2023-0875
2023-03-20 16:15:12
wpexploit
wpexploit
WP Meta SEO < 4.5.3 - Subscriber+ SQLi
2023-02-27 00:00:00
wpvulndb
wpvulndb
WP Meta SEO < 4.5.3 - Subscriber+ SQLi
2023-02-27 00:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
9
Confidence
High
EPSS
0.001
Percentile
31.1%
Related for NVD:CVE-2023-0875