CVE-2023-0098

Exploit

EPSS 0.69%
Veröffentlicht 13.02.2023 15:15:20
Zuletzt bearbeitet 21.03.2025 20:15:14
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Simple URLs <= 114 - Authenticated (Subscriber+) SQL Injection

The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL injection exploitable by low privilege users such as subscriber.

Mögliche Gegenmaßnahme

Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management: Update to version 115, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management

Version *-114

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Getlasso ≫ Simple Urls SwPlatformwordpress Version < 115

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.69%	0.713

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.7	3.1	4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://wpscan.com/vulnerability/db0b3275-40df-404e-aa8d-53558f0122d8

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/1644c2c3-11fa-48d6-ad99-416f27df4483

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-0098

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0098

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0098

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-0098