CVE-2023-0900
Published 2023-06-05
Priority: P3 · 49 · Severity: high · CVSS 3.1 base score: 7.2
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploit
EPSS: 3.23% (86.7th percentile)
The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpdevart | pricing_table_builder | <= 1.1.6 | — |
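The bug class the advisory describes, shown as an added illustration that is not code from the Pricing Table Builder plugin or from wpdevart: a request parameter reaching `$wpdb` unescaped inside an admin-only handler, beside the hardened form. The function names, the `ptb_tables` table and the `ptb_view_table` nonce action are hypothetical; the WordPress APIs used (`$wpdb->prepare`, `$wpdb->esc_like`, `absint`, `sanitize_text_field`, `current_user_can`, `check_admin_referer`) are real.

```php
<?php
// Added illustration of the vulnerability class in CVE-2023-0900, not the
// plugin's own code. Table name, function names and nonce action are
// hypothetical; only the WordPress APIs are real.

// Vulnerable shape: the request parameter is interpolated straight into the
// SQL string. A value such as `5 OR 1=1` or `5' ...` reaches MySQL untouched.
function ptb_get_table_vulnerable( $wpdb, $table_id ) {
    $sql = "SELECT * FROM {$wpdb->prefix}ptb_tables WHERE id = " . $table_id;
    return $wpdb->get_row( $sql );
}

// Hardened shape for a numeric parameter: capability and nonce checks keep
// unprivileged or forged requests out, absint() normalises the type, and
// $wpdb->prepare() binds the value so it can never alter the query structure.
function ptb_get_table_hardened( $wpdb, $table_id ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', 403 );
    }
    check_admin_referer( 'ptb_view_table' ); // dies on a missing/invalid nonce
    $table_id = absint( $table_id );
    return $wpdb->get_row(
        $wpdb->prepare(
            "SELECT * FROM {$wpdb->prefix}ptb_tables WHERE id = %d",
            $table_id
        )
    );
}

// Hardened shape for a string parameter used in LIKE: esc_like() neutralises
// the % and _ wildcards, and the whole pattern is still bound with %s.
function ptb_search_tables_hardened( $wpdb, $needle ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', 403 );
    }
    check_admin_referer( 'ptb_search_tables' );
    $like = '%' . $wpdb->esc_like( sanitize_text_field( $needle ) ) . '%';
    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, title FROM {$wpdb->prefix}ptb_tables WHERE title LIKE %s",
            $like
        )
    );
}
```

Note that the vector's PR:H already assumes an administrator: the capability check narrows who can reach the handler, but only the `prepare()` binding removes the injection itself. Admins with this level of access can usually do worse through legitimate features, which is why the issue rates high rather than critical despite C:H/I:H/A:H.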
No detection rules found.
Nuclei

CVE-2023-0900 [HIGH] AP Pricing Tables Lite <= 1.1.6 - SQL Injection (nuclei · CVSS 7.2)

The template names AP Pricing Tables Lite and fingerprints the `ap-pricing-tables-lite` slug, whereas the advisory and the affected-range table above name wpdevart's Pricing Table Builder; confirm which plugin is installed before trusting a hit or a miss. Only the tail of the template is reproduced on this page (the request section is missing), so the fragment below is not runnable as shown:

```yaml
AP Pricing Tables Lite =5'
          - 'status_code_3 == 200'
          - 'contains(body_3, "Security check")'
          - 'contains(body_2, "ap-pricing-tables-lite")'
        condition: and

    extractors:
      - type: regex
        name: nonce
        part: body
        group: 1
        regex:
          - '_wpnonce=([0-9a-z]+)">Log Out'
        internal: true
# digest: 4a0a00473045022100ce9fe25a1492ffb0689958ffeba533307f196e89e4d4260e83c5a2370cbbab7d02204b53b5ee5a6c44c6b5624f58b7ceb24fa4e050d784e3f83d02b5a7573e368f7d:922c64590222798bb761d5b6d8e72950
```

The visible matchers require an authenticated session: the template extracts the `_wpnonce` from the logged-in admin bar and only reports a finding when the plugin slug is present and the follow-up request returns 200 with a "Security check" body, consistent with the PR:H precondition in the vector.
No writeups or analysis indexed.