patchstack | Erwan LR (WPScan) | PATCHSTACK:A3C9CD5BBB74134B002DC4B5000B1069
Mar 28, 2023 - 12:00 a.m.

WordPress WP Statistics Plugin < 14.0 is vulnerable to SQL Injection

2023-03-28 00:00:00
Erwan LR (WPScan)
patchstack.com

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.8
Confidence: Low

Software: WP Statistics
Type: Plugin
Vulnerable versions: < 14.0
Fixed in: 14.0
OWASP Top 10: A1: Injection
Classification: SQL Injection
CVE: CVE-2023-0955
Patch priority: Low
CVSS severity: Low (7.6)


PSID: 442f3d5af675
Credits: Erwan LR (WPScan)
Required privilege: Administrator
Published: 28 March, 2023

Vulnerability details

Remove and replace plugin

Solution

This security issue has a low severity impact and is unlikely to be exploited.

Affected configurations

Vulners
Node: veronalabs wp_statistics, Range < 14.0, wordpress

Vendor | Product | Version | CPE
veronalabs | wp_statistics | * | cpe:2.3:a:veronalabs:wp_statistics:*:*:*:*:*:wordpress:*:*
