Lucene search

[email protected]NVD:CVE-2023-0600

HistoryMay 15, 2023 - 1:15 p.m.

CVE-2023-0600

2023-05-1513:15:09

[email protected]

web.nvd.nist.gov

cve-2023-0600

wp visitor statistics

sql injection

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.049 Low

EPSS

Percentile

92.8%

JSON

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.

Affected configurations

NVD

Node

plugins-marketwp_visitor_statisticsRange<6.9wordpress

References

wpscan.com/vulnerability/8f46df4d-cb80-4d66-846f-85faf2ea0ec4

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.049 Low

EPSS

Percentile

92.8%

JSON

Related for NVD:CVE-2023-0600

wpexploit1 wpvulndb1 cvelist1 cve1 prion1 nuclei1 wordfence1