← back
CVE-2023-0234

SiteGround Security < 1.3.1 - Admin+ SQLi

CVSS 8.8 HIGHEPSS 18.0%
Vexday Risk Score
26Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 18.0%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
06 Feb 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Unknown · SiteGround Security

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/namah-age/CVEs/blob/master/1.mdhttps://wpscan.com/vulnerability/acf3e369-1290-4b3f-83bf-2209b9dd06e1https://www.siteground.com/viewtos/responsible_disclosure_policy?scid=4&lang=en