cbcvebase.
CVE-2023-0630
published 2023-03-20

CVE-2023-0630: The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL…

Priority: P2 (60)
Severity: high
CVSS 3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Exploit: available
EPSS: 5.14% (91.4th percentile)
The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query, so any authenticated low-privileged user can inject SQL through a shortcode attribute.
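The bug class in one runnable model, added here as an illustration; this is not Slimstat's code and not from this page. It is a Python/sqlite3 stand-in for a PHP/WordPress handler: the table names, column names, the `f`/`w`/`p` shortcode attributes and the placeholder hash are all assumptions. The vulnerable handler concatenates the `w` attribute into the query text, which turns a harmless "count" shortcode into a blind SQL oracle; the hardened handler adds the missing role check, allow-lists the identifier, and binds the data value.

```python
"""Added example (not Slimstat's code): a generic Python/sqlite3 model of the bug
class behind CVE-2023-0630, a shortcode attribute concatenated into SQL, next to a
hardened handler. Table, column and attribute names are assumptions."""
import re
import sqlite3

SHORTCODE_ATTR_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_shortcode_attrs(shortcode):
    """'[slimstat f="count" w="ip"]' -> {'f': 'count', 'w': 'ip'} (assumed shortcode shape)."""
    return dict(SHORTCODE_ATTR_RE.findall(shortcode))


def make_db():
    """Constructed sample data: a visits table and a users table holding a placeholder hash."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE visits(ip TEXT, resource TEXT);
        INSERT INTO visits VALUES ('203.0.113.5', '/'), ('203.0.113.5', '/about'), ('198.51.100.9', '/');
        CREATE TABLE users(user_login TEXT, user_pass TEXT);
        INSERT INTO users VALUES ('admin', '$P$BexampleNotARealHash');
    """)
    return con


def render_vulnerable(con, shortcode):
    """The advisory's pattern: attribute text is concatenated straight into the query."""
    a = parse_shortcode_attrs(shortcode)
    sql = ("SELECT COUNT(DISTINCT " + a.get("w", "ip") + ") FROM visits"
           " WHERE resource LIKE '" + a.get("p", "%") + "'")
    return con.execute(sql).fetchone()[0]


ALLOWED_COLUMNS = {"ip", "resource"}          # the only identifiers the shortcode may count
RENDER_ROLES = {"administrator", "editor"}    # who may render it at all; subscribers are out


def render_hardened(con, shortcode, role):
    """Same feature, two fixes: a role check, and no attribute reaches the SQL text unchecked.
    Identifiers cannot be bound as parameters, so they are allow-listed; data is bound."""
    if role not in RENDER_ROLES:
        raise PermissionError(f"role {role!r} may not render this shortcode")
    a = parse_shortcode_attrs(shortcode)
    column = a.get("w", "ip")
    if column not in ALLOWED_COLUMNS:
        raise ValueError(f"refusing shortcode attribute w={column!r}")
    sql = f"SELECT COUNT(DISTINCT {column}) FROM visits WHERE resource LIKE ?"  # column is allow-listed
    return con.execute(sql, (a.get("p", "%"),)).fetchone()[0]


def hardened_rejects(con, shortcode, role):
    """Return the exception class name the hardened handler raises, or None if it renders."""
    try:
        render_hardened(con, shortcode, role)
    except (PermissionError, ValueError) as exc:
        return type(exc).__name__
    return None


BENIGN = '[slimstat f="count" w="ip"]'
# Blind oracle: the rendered count becomes 1 or 0 depending on whether the guessed prefix matches.
ORACLE = '[slimstat f="count" w="user_pass) FROM users WHERE user_pass LIKE \'$P$B%\' --"]'
ORACLE_MISS = '[slimstat f="count" w="user_pass) FROM users WHERE user_pass LIKE \'Z%\' --"]'

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", render_vulnerable(db, BENIGN), render_vulnerable(db, ORACLE),
          render_vulnerable(db, ORACLE_MISS))
    print("hardened:", render_hardened(db, BENIGN, "editor"), hardened_rejects(db, ORACLE, "editor"),
          hardened_rejects(db, BENIGN, "subscriber"))
```

The oracle payload never needs the output of the injected query: the legitimate `COUNT(...)` becomes 1 when the guessed hash prefix matches and 0 otherwise, which is enough to extract the whole value one character at a time. Note that prepared statements alone do not fix this case, because the attacker controls an identifier, not a value; the allow-list is what closes it.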

Affected (1 range)

Vendor       Product              Version range   Fixed in
wp-slimstat  slimstat_analytics   < 4.9.3.3       4.9.3.3

Detection & IOCs (extracted from sources)

sigma
title: CVE-2023-0630 Slimstat Analytics SQLi via Shortcode
detection:
  condition: and
  selection_1:
    - 'method_1 == "POST"'
    - 'contains(url_1, "/wp-admin/admin-ajax.php")'
    - 'contains(body_1, "slimstat")'
  selection_2:
    - 'status_code_2 == 200'
    - 'contains(content_type_2, "application/json")'
    - 'contains(body_2, "audioShortcodeLibrary")'
  • Exploitation requires an authenticated user at subscriber level or above: before 4.9.3.3 such a user can render Slimstat shortcodes whose attributes are concatenated directly into an SQL query. Monitor for authenticated (subscriber+) POST requests to WordPress AJAX endpoints that invoke Slimstat shortcodes with SQL metacharacters or keywords in the shortcode attributes.
  • The Sigma rule fragment in the source is not a complete rule: it has no logsource, its selections are written as expression strings rather than Sigma field/value maps, and it pairs request-side fields (method_1, url_1, body_1) with response-side fields (status_code_2, content_type_2, body_2 containing 'audioShortcodeLibrary') that a typical web-server log source does not carry. Treat it as a partial/draft indicator requiring completion before production deployment.
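The monitoring guidance above as a request-side check, added here as an example; it is not the page's Sigma rule and not plugin code. It assumes a log or WAF record with the fields method, url, user_role and body (the raw form-encoded POST body), that the shortcode arrives as a field of an admin-ajax.php request under a hypothetical action name, and that the shortcode is named `slimstat` with attributes in the usual WordPress `key="value"` form. The sample records are constructed. Beyond the page's wording, it also flags attribute text that fails to parse as key=value, which is what a quote closed early to splice in SQL looks like.

```python
"""Added example (not the page's Sigma rule, nor plugin code): request-side triage for
the behaviour described above, run over constructed sample records. Record field names,
the `slimstat` shortcode name, and the AJAX action/parameter names are assumptions."""
import re
from urllib.parse import parse_qs, quote

AJAX_ENDPOINT = "/wp-admin/admin-ajax.php"

# A WordPress-style Slimstat shortcode: [slimstat attr="v" attr2='v' attr3=v]
SHORTCODE_RE = re.compile(r"\[(?P<name>slimstat[\w-]*)(?P<attrs>[^\]]*)\]", re.I)
# One attribute: key="..." | key='...' | key=bare
ATTR_RE = re.compile(
    r"""(?P<key>[\w-]+)\s*=\s*(?:"(?P<dq>[^"]*)"|'(?P<sq>[^']*)'|(?P<bare>[^\s\]]+))""")
# Quote/comment characters and keywords needed to break out of, or extend, a
# concatenated SQL string; none of them belong in a statistics shortcode attribute.
SQL_META_RE = re.compile(
    r"""['"`;\\]|--|/\*|\b(?:union|select|sleep|benchmark|extractvalue|updatexml)\b""", re.I)


def shortcode_attributes(text):
    """Return [(name, {key: value}, residue)] for each slimstat shortcode in text.
    residue is attribute text that did not parse as key=value; a quote closed
    early to splice in SQL shows up there even when every parsed value looks clean."""
    found = []
    for m in SHORTCODE_RE.finditer(text):
        values = {}

        def take(am):
            value = am.group("dq")
            if value is None:
                value = am.group("sq") if am.group("sq") is not None else am.group("bare")
            values[am.group("key").lower()] = value
            return " "

        residue = ATTR_RE.sub(take, m.group("attrs")).strip()
        found.append((m.group("name").lower(), values, residue))
    return found


def inspect_request(rec):
    """The page's guidance as a check: authenticated POST to admin-ajax.php whose body
    mentions slimstat and carries a slimstat shortcode with SQL metacharacters (or
    malformed attribute text). Returns a list of reasons; an empty list means no match."""
    if rec.get("method", "").upper() != "POST" or AJAX_ENDPOINT not in rec.get("url", ""):
        return []
    if not rec.get("user_role"):  # the missing check is a capability check: the attacker is logged in
        return []
    body = rec.get("body", "")
    if "slimstat" not in body.lower():
        return []
    reasons = []
    for field, vals in parse_qs(body, keep_blank_values=True).items():  # shortcode may be URL-encoded
        for val in vals:
            for name, attrs, residue in shortcode_attributes(val):
                for key, value in attrs.items():
                    hit = SQL_META_RE.search(value)
                    if hit:
                        reasons.append(f"{field}: [{name}] attribute {key!r} contains {hit.group(0)!r}")
                if residue:
                    reasons.append(f"{field}: [{name}] unparsed attribute text {residue!r}")
    return reasons


def scan(records):
    """Run inspect_request over a batch; return {record id: reasons} for matches only."""
    hits = {}
    for rec in records:
        reasons = inspect_request(rec)
        if reasons:
            hits[rec["id"]] = reasons
    return hits


def _ajax_body(shortcode):
    # Hypothetical form encoding: a Slimstat AJAX action that takes the shortcode text as a field.
    return "action=slimstat_render_shortcode&shortcode=" + quote(shortcode)


# Constructed sample records (not real traffic).
SAMPLE_REQUESTS = [
    {"id": 1, "method": "POST", "url": AJAX_ENDPOINT, "user_role": "subscriber",
     "body": _ajax_body('[slimstat f="count" w="ip"]')},                 # benign
    {"id": 2, "method": "POST", "url": AJAX_ENDPOINT, "user_role": "subscriber",
     "body": _ajax_body("[slimstat f=\"count\" w=\"ip' UNION SELECT user_pass FROM wp_users -- \"]")},
    {"id": 3, "method": "POST", "url": AJAX_ENDPOINT, "user_role": "subscriber",
     "body": _ajax_body('[slimstat f="count" w="ip AND SLEEP(5)"]')},    # time-based probe
    {"id": 4, "method": "POST", "url": AJAX_ENDPOINT, "user_role": "subscriber",
     "body": _ajax_body('[slimstat f="count" w="ip" OR 1=1 --"]')},      # quote closed early
    {"id": 5, "method": "GET", "url": AJAX_ENDPOINT, "user_role": "subscriber",
     "body": _ajax_body('[slimstat f="count" w="ip AND SLEEP(5)"]')},    # wrong method
    {"id": 6, "method": "POST", "url": AJAX_ENDPOINT, "user_role": None,
     "body": _ajax_body('[slimstat f="count" w="ip AND SLEEP(5)"]')},    # not logged in
    {"id": 7, "method": "POST", "url": AJAX_ENDPOINT, "user_role": "subscriber",
     "body": "action=heartbeat&data%5Bwp-auth-check%5D=true"},            # unrelated AJAX
]

if __name__ == "__main__":
    for rid, reasons in scan(SAMPLE_REQUESTS).items():
        print(rid, reasons)
```

Records 5 and 6 are left out on purpose: the rule, like the page's guidance, is scoped to logged-in POST traffic because the flaw is a missing capability check rather than an unauthenticated endpoint. If the same payloads appear unauthenticated they still deserve a lower-severity alert, which is a separate rule.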