CVE-2023-2493
All In One Redirection < 2.2.0 - Admin+ SQLi
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
10 Jul 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The All In One Redirection WordPress plugin before 2.2.0 does not properly sanitise and escape multiple parameters before using them in an SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
Affected products
Unknown · All In One RedirectionWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →