CVE-2023-0630
Published 2023-03-20
Priority: P2 60 · Severity: high · CVSS 3.1: 8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 5.14% (91.4th percentile)
The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wp-slimstat | slimstat_analytics | < 4.9.3.3 | 4.9.3.3 |
Detection & IOCs (extracted from sources)
Sigma

```yaml
title: CVE-2023-0630 Slimstat Analytics SQLi via Shortcode
detection:
  selection_1:
    - 'method_1 == "POST"'
    - 'contains(url_1, "/wp-admin/admin-ajax.php")'
    - 'contains(body_1, "slimstat")'
  selection_2:
    - 'status_code_2 == 200'
    - 'contains(content_type_2, "application/json")'
    - 'contains(body_2, "audioShortcodeLibrary")'
  condition: and
```

- Exploit targets subscriber-level users rendering shortcodes that concatenate attributes directly into an SQL query in the Slimstat Analytics plugin before 4.9.3.3. Monitor for authenticated (subscriber+) POST requests to WordPress AJAX endpoints invoking Slimstat shortcodes with anomalous SQL metacharacters in shortcode attributes.
- The Sigma rule fragment in the source is incomplete — it references response-side indicators (status_code_2, content_type_2, body_2 containing 'audioShortcodeLibrary') but the request-side selection block is not fully specified in the available source material. Treat the rule as a partial/draft indicator requiring completion before production deployment.
No detection rules found.
Nuclei

Slimstat Analytics < 4.9.3.3 Subscriber - SQL Injection (nuclei · CVSS 8.8)

CVE-2023-0630 [HIGH] Slimstat Analytics < 4.9.3.3 Subscriber - SQL Injection

```yaml
Slimstat Analytics =7'
        - 'status_code_2 == 200'
        - 'contains(content_type_2, "application/json")'
        - 'contains(body_2, "audioShortcodeLibrary")'
      condition: and
# digest: 490a00463044022052ed6e40939abd6f766c31e210535d0931d22bfb2e514e495ffb7655c0de774902201fb2a917c86008b3cc324d623ec0f6dc11dd28b4b67a82a75df289220bb1ec84:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.