Lucene search

PatchstackVULNRICHMENT:CVE-2023-38391

HistoryNov 03, 2023 - 11:07 p.m.

CVE-2023-38391 WordPress Onepage Builder – Easiest Landing Page Builder For WordPress Plugin <= 2.4.1 is vulnerable to SQL Injection

2023-11-0323:07:33

CWE-89

Patchstack

github.com

wordpress

onepage builder

sql injection

AI Score

7.6

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themesgrove Onepage Builder allows SQL Injection.This issue affects Onepage Builder: from n/a through 2.4.1.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:themesgrove:onepage_builder:*:*:*:*:*:wordpress:*:*"
    ],
    "vendor": "themesgrove",
    "product": "onepage_builder",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "2.4.1"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

patchstack.com/database/vulnerability/tx-onepager/wordpress-onepage-builder-easiest-landing-page-builder-for-wordpress-plugin-2-4-1-sql-injection?_s_id=cve