Lucene search
+L

7 matches found

Nuclei
Nuclei
added yesterday76 views

Steveas WP Live Chat Shoutbox <= 1.4.2 - SQL Injection

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. id: CVE-2023-1020 info: name: Steveas WP Live Chat Shoutbox = 1.4.2 - SQL...

9.8CVSS7.1AI score0.0499EPSS
Exploits2References3
Circl
Circl
added 2023/04/24 10:19 p.m.49 views

CVE-2023-1020

creationtimestamp| type| source ---|---|--- 2023-04-24 22:19:40+00:00| seen| https://t.me/cibsecurity/62747 2023-07-26 14:24:11+00:00| published-proof-of-concept| https://t.me/codeb0ss/958 2025-02-22 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-02-22...

9.8CVSS7.3AI score0.0499EPSS
In wildExploits2References5
OSV
OSV
added 2023/04/24 7:15 p.m.5 views

CVE-2023-1020

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

9.8CVSS7.3AI score0.0499EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/04/24 6:30 p.m.30 views

CVE-2023-1020 Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

10AI score0.0499EPSS
Exploits2References1
CVE
CVE
added 2023/04/24 6:30 p.m.93 views

CVE-2023-1020

The CVE-2023-1020 entry concerns the WordPress plugin Steveas WP Live Chat Shoutbox, affected in versions up to 1.4.2. The root cause is a SQL injection vulnerability caused by unsanitized/uncleaned parameters in an AJAX action accessible to unauthenticated users, enabling arbitrary SQL execution...

9.8CVSS9.9AI score0.0499EPSS
In wildExploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/24 6:30 p.m.6 views

CVE-2023-1020 Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

7.9AI score0.0499EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/04/12 12:0 a.m.9 views

WordPress Steveas WP Live Chat Shoutbox Plugin <= 1.4.2 is vulnerable to SQL Injection

Software Steveas WP Live Chat Shoutbox Type Plugin Vulnerable versions = 1.4.2 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-1020 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 176c8169feb6 Credits Simone Onofri Donato Onofri Required...

9.8CVSS6.8AI score0.0499EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder