Lucene search

[email protected]NVD:CVE-2023-0260

HistoryFeb 13, 2023 - 3:15 p.m.

CVE-2023-0260

2023-02-1315:15:21

[email protected]

web.nvd.nist.gov

wp review slider

wordpress plugin

sql injection

vulnerability

sql statement

sanitise

escape

parameter

subscriber role

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

38.3%

JSON

The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.

Affected configurations

Nvd

Node

ljappswp_review_sliderRange<12.2wordpress

VendorProductVersionCPE
ljappswp_review_slider*cpe:2.3:a:ljapps:wp_review_slider:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
ljapps	wp_review_slider	*	cpe:2.3:a:ljapps:wp_review_slider::::::wordpress::*

References

wpscan.com/vulnerability/9165d46b-2a27-4e83-a096-73ffe9057c80

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

38.3%

JSON

Related for NVD:CVE-2023-0260

wpvulndb1 cvelist1 cve1 wpexploit1 prion1