History: Dec 26, 2023 - 7:15 p.m.

CVE-2023-5203

2023-12-26 19:15:07
CWE-89
web.nvd.nist.gov
Tags: cve-2023-5203, wp sessions, time monitoring, full automatic, wordpress, sql injection, nvd

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.002 Low
Percentile: 51.7%

The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time-based SQL injection techniques, or in some cases an error- or union-based technique.

Affected configurations

Node: swit wp_sessions_time_monitoring_full_automatic
Range: <1.0.9

Vendor: swit
Product: wp_sessions_time_monitoring_full_automatic
Version: *
CPE: cpe:2.3:a:swit:wp_sessions_time_monitoring_full_automatic:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WP Sessions Time Monitoring Full Automatic",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "1.0.9"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
