Lucene search

[email protected]NVD:CVE-2023-0487

HistoryFeb 27, 2023 - 4:15 p.m.

CVE-2023-0487

2023-02-2716:15:12

CWE-89

[email protected]

web.nvd.nist.gov

wordpress

sql injection

privilege escalation

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

31.2%

JSON

The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high privilege users such as admin

Affected configurations

NVD

Node

premiomy_sticky_elementsRange<2.0.9wordpress

References

wpscan.com/vulnerability/0e874a1d-c866-45fa-b456-c8012dca32af

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

31.2%

JSON

Related for NVD:CVE-2023-0487

prion1 cvelist1 cve1 wordfence1