Lucene search

K
cvePatchstackCVE-2023-50845
HistoryDec 28, 2023 - 7:15 p.m.

CVE-2023-50845

2023-12-2819:15:15
CWE-89
Patchstack
web.nvd.nist.gov
51
cve-2023-50845
sql injection
ayecode
wordpress
business directory
geodirectory
classified directory
nvd
vulnerability

CVSS3

7.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

26.4%

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory – WordPress Business Directory Plugin, or Classified Directory.This issue affects GeoDirectory – WordPress Business Directory Plugin, or Classified Directory: from n/a through 2.3.28.

Affected configurations

Nvd
Vulners
Node
ayecodegeodirectoryRange2.3.28wordpress
VendorProductVersionCPE
ayecodegeodirectory*cpe:2.3:a:ayecode:geodirectory:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "geodirectory",
    "product": "GeoDirectory – WordPress Business Directory Plugin, or Classified Directory",
    "vendor": "AyeCode - WordPress Business Directory Plugins",
    "versions": [
      {
        "changes": [
          {
            "at": "2.3.29",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.3.28",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

CVSS3

7.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

26.4%