Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:7 a.m.15 views

CVE-2023-5041

The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database...

8.8CVSS6.6AI score0.00882EPSS
Exploits2References1
CVE
CVE
added 2024/01/17 2:27 p.m.43 views

CVE-2023-5041

The CVE-2023-5041 entry concerns the Track The Click WordPress plugin (versions before 0.3.12). Root cause: improper sanitization of query parameters to the stats REST endpoint, enabling a time-based blind SQL injection in database queries when accessed by an authenticated user with author role o...

8.8CVSS8.5AI score0.00882EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/17 2:27 p.m.3 views

CVE-2023-5041 Track The Click < 0.3.12 - Author+ Time-Based Blind SQL Injection

The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database...

8.6AI score0.00882EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/01/17 2:27 p.m.34 views

CVE-2023-5041 Track The Click < 0.3.12 - Author+ Time-Based Blind SQL Injection

The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database...

8.8AI score0.00882EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/09/27 12:0 a.m.14 views

WordPress Track The Click Plugin < 0.3.12 is vulnerable to SQL Injection

Software Track The Click Type Plugin Vulnerable versions 0.3.12 Fixed in 0.3.12 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5041 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 1853e39ba601 Credits Karolis Narvilas Required privilege Author Publish...

8.8CVSS7.2AI score0.00882EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder