cve/2023/CVE-2023-0600.md

### [CVE-2023-0600](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0600)
![](https://img.shields.io/static/v1?label=Product&message=WP%20Visitor%20Statistics%20(Real%20Time%20Traffic)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.9%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)

### Description

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/truocphan/VulnBox
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-0600](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0600)`
			`![](https://img.shields.io/static/v1?label=Product&message=WP%20Visitor%20Statistics%20(Real%20Time%20Traffic)&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.9%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)`

			`### Description`

			`The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/truocphan/VulnBox`