CVE-2023-0381

CWE-89: SQL Injection | 3 documents | 3 sources
Severity
8.8 HIGH
EPSS
0.7%
top 27.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 27

Description

The GigPress WordPress plugin through 2.3.28 does not validate and escape some of its shortcode attributes before using them in SQL statements, which could allow any authenticated user, such as a subscriber, to perform SQL injection attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: tri/gigpress 2.3.28
CVEListV5: unknown/gigpress 2.3.28

Vulnerability Details (2)
GHSA
GHSA-2php-mg3p-mcqg: The GigPress WordPress plugin through 2 (2023-02-27)
CVEList
GigPress <= 2.3.28 - Subscriber+ SQLi (2023-02-27)