← back
CVE-2023-0630

Slimstat Analytics < 4.9.3.3 - Subscriber+ SQL Injection

EPSS 5.1%CWE-89
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS EPSS 5.1%KEV nãoPoC Nuclei simMetasploit Patch
Lifecycle
20 Mar 2023Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.
Affected products
Unknown · Slimstat Analytics

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/b82bdd02-b699-4527-86cc-d60b56ab0c55