cve/CVE-2023-0955.md at 4cdc7cc63082b60e36d1d9d956509a405762a272

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 4edef1e4c8 Update CVE sources 2024-05-28 08:49

2024-05-28 08:49:17 +00:00

Description

The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a settings to allow low privilege users to access it as well.

POC

Reference

https://wpscan.com/vulnerability/18b7e93f-b038-4f28-918b-4015d62f0eb8

Github

No PoCs found on GitHub currently.

866 B Raw Blame History

CVE-2023-0955

Description

POC

Reference

Github

866 B

Raw Blame History