CVE-2023-2482

🗓️ 27 Jun 2023 13:17:10Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 44 Views🌐 WEB

The Responsive CSS EDITOR WordPress plugin allows SQL injection by high-privilege users

Reporter	Title	Published	Views	Family All 12
CNNVD	WordPress plugin Responsive CSS EDITOR SQL注入漏洞	27 Jun 202300:00	–	cnnvd
Cvelist	CVE-2023-2482 Responsive CSS EDITOR <= 1.0 - Admin+ SQLi	27 Jun 202313:17	–	cvelist
EUVD	EUVD-2023-33966	3 Oct 202520:07	–	euvd
NVD	CVE-2023-2482	27 Jun 202314:15	–	nvd
Patchstack	WordPress Responsive CSS EDITOR Plugin <= 1.0 is vulnerable to SQL Injection	5 Jun 202300:00	–	patchstack
Prion	Sql injection	27 Jun 202314:15	–	prion
Positive Technologies	PT-2023-19801 · WordPress · Responsive Css Editor	27 Jun 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-2482	23 May 202501:53	–	redhatcve
Vulnrichment	CVE-2023-2482 Responsive CSS EDITOR <= 1.0 - Admin+ SQLi	27 Jun 202313:17	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (June 5, 2023 to June 11, 2023)	15 Jun 202313:04	–	wordfence

NVD

Vulners

Node

wpwox responsive_css_editorRange≤1.0wordpress

[
  {
    "vendor": "Unknown",
    "product": "Responsive CSS EDITOR",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "1.0"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/c0f73781-be7e-482e-91de-ad7991ad4bd5

Parameter	Position	Path	Description	CWE
bid	query param	wp-admin/admin.php?page=responsive_css_editor_setting&updateorder=false&deletebreakpoints=true&bid=(select*from(select(sleep(5)))a)	SQL injection in Responsive CSS EDITOR WordPress plugin due to unsanitized parameter used in a SQL statement	CWE-89

21 Nov 2024 07:58Current

7.2High risk

Vulners AI Score7.2

CVSS 3.17.2

EPSS0.00321

SSVC

CWE-89