Vulnerability Details CVE-2023-5640
The Article Analytics WordPress plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.1%
CVSS Severity
CVSS v3 Score 9.8
References
- https://devl00p.github.io/posts/Injection-SQL-dans-le-plugin-Wordpress-Article-Analytics/
- https://wpscan.com/vulnerability/9a383ef5-0f1a-4894-8f78-845abcb5062d
- https://devl00p.github.io/posts/Injection-SQL-dans-le-plugin-Wordpress-Article-Analytics/
- https://wpscan.com/vulnerability/9a383ef5-0f1a-4894-8f78-845abcb5062d
Products affected by CVE-2023-5640
-
cpe:2.3:a:dguzun:article_analytics:*