Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-1730

CWE-89: SQL Injection | 6 documents | 5 sources

Severity: 9.8 CRITICAL
EPSS: 75.1% (top 1.12%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)

Timeline
Published: May 2
Latest update: Jun 13

Description

The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: unknown/supportcandy < 3.1.5

🔴 Vulnerability Details (2)

CVEList: SupportCandy < 3.1.5 - Unauthenticated SQLi (2023-05-02)
GHSA: GHSA-4xmw-qq98-42q5: The SupportCandy WordPress plugin before 3 (2023-05-02)

💥 Exploits & PoCs (1)

Nuclei: SupportCandy < 3.1.5 - Unauthenticated SQL Injection

🕵️ Threat Intelligence (2)

Talos: Two remote code execution vulnerabilities disclosed in Microsoft Excel (2023-06-13)
Source: cvebase.io record for CVE-2023-1730 (CRITICAL, CVSS 9.8)