CVE-2023-0224

CWE-89: SQL Injection
4 documents, 4 sources

Severity: 9.8 CRITICAL
EPSS: 1.2% (top 21.44%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 16

Description

The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

NVD: givewp/givewp < 2.24.1
CVEListV5: unknown/givewp < 2.24.1

🔴 Vulnerability Details (2)

CVEList: GiveWP < 2.24.1 - Unauthenticated SQLi (2024-01-16)
GHSA: GHSA-6737-mxc9-2p4p: The GiveWP WordPress plugin before 2 (2024-01-16)

📋 Vendor Advisories (1)

Chrome: Stable Channel Update for Desktop: CVE-2024-0222 (2024-01-03)