CVE-2023-3023
Published 2023-07-12
CVE-2023-3023: The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to…
Priority: P3 · 40 · high · CVSS 3.1 base score 7.2
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.71% (48.8th percentile)
The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level or above permissions, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
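The description points at a pattern worth seeing in code: an ORDER BY column taken from the request cannot be protected by escaping or by a prepared-statement placeholder, because the clause expects an identifier rather than a string literal, so the fix is an allow-list of sort columns. The following is an added illustration, not code from WP EasyCart or the Wordfence advisory; the function, table and column names are hypothetical.

```php
<?php
// Added example (not WP EasyCart code). Hypothetical names throughout.

// Vulnerable shape: the request's 'orderby' value is concatenated into the
// SQL text. Escaping does not help here: ORDER BY expects an identifier or
// expression, so quoting the value as a string literal would sort by a
// constant, and a prepared-statement placeholder would do the same. Any
// expression the caller supplies, delays included, reaches the database.
function vulnerable_orders_query(string $orderby): string
{
    return "SELECT id, customer, total FROM orders ORDER BY " . $orderby;
}

// Hardened shape: the request value only selects among column names the
// code itself controls; anything else falls back to a default. The user
// input never becomes part of the SQL text.
const ALLOWED_ORDER_COLUMNS = ['id', 'customer', 'total', 'created_at'];

function safe_orders_query(string $orderby, string $dir = 'asc'): string
{
    $column    = in_array($orderby, ALLOWED_ORDER_COLUMNS, true) ? $orderby : 'id';
    $direction = strtolower($dir) === 'desc' ? 'DESC' : 'ASC';
    return "SELECT id, customer, total FROM orders ORDER BY `{$column}` {$direction}";
}

function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: {$what}");
    }
}

// Constructed inputs: a legitimate sort key and a malformed one carrying an
// injected subquery (the shape a blind time-based probe takes).
$legit   = 'created_at';
$hostile = 'id,(SELECT 1)';

check(strpos(vulnerable_orders_query($hostile), '(SELECT 1)') !== false,
      'vulnerable query passes the injected expression through');
check(safe_orders_query($legit, 'desc')
        === 'SELECT id, customer, total FROM orders ORDER BY `created_at` DESC',
      'allow-listed column is used as given');
check(safe_orders_query($hostile)
        === 'SELECT id, customer, total FROM orders ORDER BY `id` ASC',
      'unknown value falls back to the default column');
echo "all checks passed", PHP_EOL;
```

Run with `php example.php`; the sort direction is handled the same way, since `ASC`/`DESC` is also a keyword and not a bindable value.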
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| levelfourstorefront | shopping_cart_ecommerce_store | <= 5.4.10 | — |
| wpeasycart | wp_easycart | < 5.4.11 | 5.4.11 |
VulDB
vuldb · 2026-04-10 · CVSS 7.2
CVE-2023-3023 [HIGH] WP EasyCart Plugin up to 5.4.10 on WordPress orderby sql injection
A vulnerability was found in WP EasyCart Plugin up to 5.4.10 on WordPress. It has been rated as critical. This issue affects some unknown processing. Performing a manipulation of the argument orderby results in SQL injection.
This vulnerability is reported as CVE-2023-3023. The attack can be carried out remotely. No exploit exists.
GHSA
ghsa_unreviewed · 2023-07-12
CVE-2023-3023 [HIGH] CWE-89 GHSA-6c66-vmmw-cg64: The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10
No detection rules found.
No public exploits indexed.
Trendmicro
blogs_trendmicro · 2023-03-21 · CVSS 7.8
CVE-2023-23397 [HIGH] Patch CVE-2023-23397 Immediately: What You Need To Know and Do
Exploits & Vulnerabilities
## Patch CVE-2023-23397 Immediately: What You Need To Know and Do
We break down the basic information of CVE-2023-23397, the zero-day, zero-touch vulnerability that was rated 9.8 on the Common Vulnerability Scoring System (CVSS) scale.
By: Trend Micro, 2023/03/21
Update as of 03/22/2023 2:50PM PHT: Updated the prevention and mitigation section for an additional step.
CVE-2023-23397 is a critical privilege elevation/authentication bypass vulnerability in Outlook, released as part of the March Patch Tuesday set of fixes. The vulnerability, which affects all versions of Windows Outlook, was given a 9.8 CVSS rating and is one of two zero-day exploits disclosed on March 14. We summarize the points that security teams need to know.
References
https://plugins.trac.wordpress.org/changeset/2923668/wp-easycart/trunk/admin/inc/wp_easycart_admin_table.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/c9c1ddaf-4bf2-4937-b7bf-a09162db043e?source=cve
Published: 2023-07-12