CVE-2023-32590
WordPress Subscribe to Category Plugin <= 2.7.4 is vulnerable to SQL Injection
Vexday Risk Score
63High priority
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 9.3EPSS 1.6%KEV nãoPoC públicaNuclei simMetasploit —Patch —
Lifecycle
20 Dec 2023Published on NVD
12 Jan 2025Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category.This issue affects Subscribe to Category: from n/a through 2.7.4.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Affected products
Daniel Söderström / Sidney van de Stouwe · Subscribe to Categorypublic PoCs found — 1
githubgithub.com/RandomRobbieBF/CVE-2023-32590★ 1⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →