CVE-2023-5203
Published 2023-12-26
Priority: P258 · Severity: high · CVSS 3.1 base score: 7.5
CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit
EPSS: 2.22% (80.5th percentile)
The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| swit | wp_sessions_time_monitoring_full_automatic | < 1.0.9 | 1.0.9 |
Detection & IOCs (extracted from sources)
- Detect exploitation attempts by looking for HTTP 200 responses containing the string 'activitytime_tracker' in the body with content-type text/html; this fingerprints the vulnerable plugin endpoint targeted by the SQL injection.
- Presence of 'activitytime_tracker' in the HTTP response body indicates the vulnerable WP Sessions Time Monitoring plugin is active and potentially being probed or exploited.
- The plugin is vulnerable to unauthenticated blind time-based SQL injection via unsanitized request URL and query parameters; monitor for time-delayed responses (e.g., SLEEP/BENCHMARK payloads) on WordPress sites running this plugin before version 1.0.9.
- The SQL injection is exploitable by unauthenticated attackers, meaning no credentials or session token are required; all public-facing WordPress installations running WP Sessions Time Monitoring Full Automatic < 1.0.9 are at risk.
- Both blind time-based and error/union-based SQL injection techniques may be applicable depending on the server configuration, so detection rules should cover multiple SQLi payload classes.
No detection rules found.
Nuclei template (CVSS 7.5)
CVE-2023-5203 [HIGH] WP Sessions Time Monitoring Full Automatic <= 1.0.8 - SQL Injection

Matcher fragment from the template (the vulnerable plugin is fingerprinted by its response, all conditions must hold):

```yaml
- 'status_code == 200'
- 'contains(body, "activitytime_tracker")'
- 'contains(content_type, "text/html")'
condition: and
# digest: 4a0a00473045022100962e47ff965e851fa3b975869f11b632a6e5ed7185b8500fae281b1acc3531c002201ba970bc9d939509f9b240b32f836bd7ff3ef2c47066b4d3382fcd72cb63cff7:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.