CVE-2023-0098
CVSS V2 None
CVSS V3 None
Description
The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL injection exploitable by low privilege users such as subscriber.
Overview
- CVE ID
- CVE-2023-0098
- Assigner
- contact@wpscan.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-02-13T15:15:20
- Last Modified Date
- 2023-02-21T19:48:36
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:getlasso:simple_urls:*:*:*:*:*:wordpress:*:* | 1 | OR | 115 |
References
| Reference URL | Reference Tags |
|---|---|
| https://wpscan.com/vulnerability/db0b3275-40df-404e-aa8d-53558f0122d8 | Exploit Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-0098 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0098 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 07:37:40 | Added to TrackCVE | |||
| 2023-04-17 07:37:41 | Weakness Enumeration | new |