CVE-2023-0900

🗓️ 05 Jun 2023 13:39:01Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 79 Views🌐 WEB

The Pricing Table Builder WordPress plugin through 1.1.6 has SQL injection vulnerability

Reporter	Title	Published	Views	Family All 13
CNNVD	WordPress Plugin Pricing Table Builder SQL注入漏洞	5 Jun 202300:00	–	cnnvd
Cvelist	CVE-2023-0900 AP Pricing Tables Lite <= 1.1.6 - Admin+ SQLi	5 Jun 202313:39	–	cvelist
EUVD	EUVD-2023-12889	3 Oct 202520:07	–	euvd
Nuclei	AP Pricing Tables Lite <= 1.1.6 - SQL Injection	6 Jun 202603:01	–	nuclei
NVD	CVE-2023-0900	5 Jun 202314:15	–	nvd
Patchstack	WordPress AP Pricing Tables Lite Plugin <= 1.1.6 is vulnerable to SQL Injection	15 May 202300:00	–	patchstack
Prion	Sql injection	5 Jun 202314:15	–	prion
Positive Technologies	PT-2023-16602 · WordPress · Pricing Table Builder	5 Jun 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-0900	23 May 202502:53	–	redhatcve
Vulnrichment	CVE-2023-0900 AP Pricing Tables Lite <= 1.1.6 - Admin+ SQLi	5 Jun 202313:39	–	vulnrichment

NVD

Vulners

Node

wpdevart pricing_table_builderRange≤1.1.6wordpress

[
  {
    "vendor": "Unknown",
    "product": "Pricing Table Builder",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "1.1.6"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/f601e637-a486-4f3a-9077-4f294ace7ea1

Parameter	Position	Path	Description	CWE
table_id	request body	wp-admin/admin-ajax.php	SQL injection via unsanitized table_id parameter in backend_ajax action allowing execution of arbitrary SQL (e.g., time-based sleep).

08 Jan 2025 17:15Current

7.4High risk

Vulners AI Score7.4

CVSS 3.17.2

EPSS0.06366

SSVC