CVE-2023-0224

Опубликовано: 16 янв. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks

Ссылки

https://givewp.com/core-2-24-0-vulnerability-patched/
Release Notes
Vendor Advisory
https://wpscan.com/vulnerability/d8da539d-0a1b-46ef-b48d-710c59cf68e1/
Exploit
Third Party Advisory
https://givewp.com/core-2-24-0-vulnerability-patched/
Release Notes
Vendor Advisory
https://wpscan.com/vulnerability/d8da539d-0a1b-46ef-b48d-710c59cf68e1/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*

Версия до 2.24.1 (исключая)

EPSS

Процентиль: 76%

0.00998

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-6737-mxc9-2p4p