Lucene search

PatchstackCVELIST:CVE-2023-32590

HistoryDec 20, 2023 - 3:02 p.m.

CVE-2023-32590 WordPress Subscribe to Category Plugin <= 2.7.4 is vulnerable to SQL Injection

2023-12-2015:02:24

CWE-89

Patchstack

www.cve.org

wordpress

subscribe to category

sql injection

cve-2023-32590

daniel söderström

sidney van de stouwe

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.9%

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category.This issue affects Subscribe to Category: from n/a through 2.7.4.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "subscribe-to-category",
    "product": "Subscribe to Category",
    "vendor": "Daniel Söderström / Sidney van de Stouwe",
    "versions": [
      {
        "lessThanOrEqual": "2.7.4",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/subscribe-to-category/wordpress-subscribe-to-category-plugin-2-7-4-sql-injection-vulnerability?_s_id=cve

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.9%

JSON

Related for CVELIST:CVE-2023-32590