5 matches found
WordPress WP Coder Plugin < 2.5.4 is vulnerable to SQL Injection
Software: WP Coder
Type: Plugin
Vulnerable versions: 2.5.4
Fixed in: 2.5.4
OWASP Top 10: A1: Injection
Classification: SQL Injection
CVE: CVE-2023-0895
Patch priority: Low
CVSS severity: Low 5.5
PSID: af35ebdc8e18
Credits: Etan Imanol Castro Aldrete
Required privilege: Administrator...
CVE-2023-0895
creationtimestamp| type| source
---|---|---
2023-02-17 20:13:34+00:00| seen| https://t.me/cibsecurity/58459...
CVE-2023-0895
The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2023-0895 WP Coder – add custom html, css and js code <= 2.5.3 - Authenticated (Admin+) SQL Injection
The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2023-0895
CVE-2023-0895 affects the WordPress WP Coder plugin, where versions up to 2.5.3 are vulnerable to time-based SQL Injection via the id parameter due to insufficient escaping and poor query preparation. Exploitation requires authenticated admin privileges. The issue has been fixed in version 2.5.4 ...