CVE-2023-0600

2023-05-1513:15:09

[email protected]

web.nvd.nist.gov

103

cve-2023-0600

wp visitor statistics

real time traffic

sql injection

wordpress plugin

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.049 Low

EPSS

Percentile

92.9%

JSON

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.

Affected configurations

Vulners

NVD

Node

plugins-marketwp_visitor_statistics_\(real_time_traffic\)Range<6.9

VendorProductVersionCPE
plugins\-marketwp_visitor_statistics_\(real_time_traffic\)*cpe:2.3:a:plugins\-market:wp_visitor_statistics_\(real_time_traffic\):*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
plugins\-market	wp_visitor_statistics_\(real_time_traffic\)	*	cpe:2.3:a:plugins\-market:wp_visitor_statistics_\(real_time_traffic\)::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WP Visitor Statistics (Real Time Traffic)",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "6.9"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]