Lucene search
HistoryJun 05, 2023 - 2:15 p.m.
CVE-2023-0900
wordpress
plugin
sql injection
high-privilege users
pricing table builder
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.012 Low
EPSS
Percentile
85.3%
The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.
Affected configurations
Node
wpdevartpricing_table_builderRange≤1.1.6wordpress
Related
wpexploit
wpexploit
AP Pricing Tables Lite <= 1.1.6 - Admin+ SQLi
2023-05-10 00:00:00
wpvulndb
wpvulndb
AP Pricing Tables Lite <= 1.1.6 - Admin+ SQLi
2023-05-10 00:00:00
cvelist
cvelist
CVE-2023-0900 AP Pricing Tables Lite <= 1.1.6 - Admin+ SQLi
2023-06-05 13:39:01
cve
cve
CVE-2023-0900
2023-06-05 14:15:09
prion
prion
Sql injection
2023-06-05 14:15:00
nuclei
nuclei
AP Pricing Tables Lite <= 1.1.6 - SQL Injection
2023-10-17 07:20:28
wordfence
wordfence
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.012 Low
EPSS
Percentile
85.3%
Related for NVD:CVE-2023-0900