CVE-2023-32590

2023-12-2015:15:08

CWE-89

[email protected]

web.nvd.nist.gov

cve-2023-32590

sql injection

daniel söderström

sidney van de stouwe

subscribe to category

nvd

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

0.001 Low

EPSS

Percentile

31.9%

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category.This issue affects Subscribe to Category: from n/a through 2.7.4.

Affected configurations

Vulners

NVD

Node

daniel_söderström_\/_sidney_van_de_stouwesubscribe_to_categoryRange≤2.7.4

CPENameOperatorVersion
subscribe_to_category_project:subscribe_to_categorysubscribe to category project subscribe to categoryle2.7.4

CPE	Name	Operator	Version
subscribe_to_category_project:subscribe_to_category	subscribe to category project subscribe to category	le	2.7.4

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "subscribe-to-category",
    "product": "Subscribe to Category",
    "vendor": "Daniel Söderström / Sidney van de Stouwe",
    "versions": [
      {
        "lessThanOrEqual": "2.7.4",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]