CVE-2023-5640

The Article Analytics WordPress plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection vulnerability...

CVE-2023-5640

CVE-2023-5640 relates to the Article Analytics WordPress plugin (

WordPress Plugin Article Analytics Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2023-32231 · WordPress · Article Analytics Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Article Analytics WordPress plugin affected versions not specified Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action. This AJAX action is...

Article Analytics <= 1.0 - Unauthenticated SQL injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection vulnerability. On a Wordpress blog using MySQL the following PoC allows to extract the hash of the...

WordPress Article analytics Plugin <= 1.0 is vulnerable to SQL Injection

Software Article analytics Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5640 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 78430de01615 Credits Nicolas Surribas Required privilege Unauthenticate...