CVE-2023-5203
published 2023-12-26


Priority: P2 (58)
Severity: high, CVSS 3.1 base score 7.5
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Flags: EXPLOIT
EPSS: 2.22% (80.5th percentile)
The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique.

Affected

1 range
Vendor: swit
Product: wp_sessions_time_monitoring_full_automatic
Version range: < 1.0.9
Fixed in: 1.0.9

Detection & IOCs (extracted from sources)

  • Detect exploitation attempts by looking for HTTP 200 responses containing the string 'activitytime_tracker' in the body with content-type text/html — this fingerprints the vulnerable plugin endpoint targeted by the SQL injection.
  • Presence of 'activitytime_tracker' in the HTTP response body indicates the vulnerable WP Sessions Time Monitoring plugin is active and potentially being probed or exploited.
  • The plugin is vulnerable to unauthenticated blind time-based SQL injection via unsanitized request URL and query parameters; monitor for time-delayed responses (e.g., SLEEP/BENCHMARK payloads) on WordPress sites running this plugin before version 1.0.9.
  • The SQL injection is exploitable by unauthenticated attackers, meaning no credentials or session token are required — all public-facing WordPress installations running WP Sessions Time Monitoring Full Automatic < 1.0.9 are at risk.
  • Both blind time-based and error/union-based SQL injection techniques may be applicable depending on the server configuration, so detection rules should cover multiple SQLi payload classes.
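A small defensive classifier that implements the detection notes above (plugin fingerprint in an HTTP 200 text/html body, time-delay function names in the request URL, and slow responses), written here as an added example and not taken from the plugin or the source vendor; the event record shape, the latency threshold and the sample records are constructed assumptions:

```python
import re
from urllib.parse import unquote_plus

# Indicators named on this page: the plugin fingerprint string and the MySQL
# time-delay functions whose presence in a request suggests blind probing.
FINGERPRINT = "activitytime_tracker"
TIME_DELAY_RE = re.compile(r"\b(sleep|benchmark)\s*\(", re.IGNORECASE)
SLOW_THRESHOLD_S = 5.0  # assumption: tune to the site's normal latency


def classify(event):
    """Return the list of alert tags for one request/response record (a dict)."""
    tags = []
    body = event.get("response_body", "")
    ctype = event.get("content_type", "")
    if (event.get("status") == 200 and ctype.startswith("text/html")
            and FINGERPRINT in body):
        tags.append("vulnerable_plugin_fingerprint")
    # Percent-decode once so encoded payloads are matched as well as plain ones.
    url = unquote_plus(event.get("url", ""))
    if TIME_DELAY_RE.search(url):
        tags.append("sqli_time_delay_payload")
    if event.get("duration_s", 0.0) >= SLOW_THRESHOLD_S:
        tags.append("slow_response")
    return tags


def scan(events):
    """Map each event id to its alert tags, omitting events with no findings."""
    findings = {}
    for event in events:
        tags = classify(event)
        if tags:
            findings[event["id"]] = tags
    return findings


# Constructed sample records (not real traffic); a WAF or reverse-proxy log
# would be normalised into this shape before being fed to scan().
SAMPLE_EVENTS = [
    {"id": 1, "url": "/?p=1", "status": 200, "content_type": "text/html; charset=UTF-8",
     "response_body": "<html>...activitytime_tracker...</html>", "duration_s": 0.2},
    {"id": 2, "url": "/?p=1%20SLEEP%285%29", "status": 200,
     "content_type": "text/html; charset=UTF-8",
     "response_body": "<html>...activitytime_tracker...</html>", "duration_s": 5.3},
    {"id": 3, "url": "/wp-login.php", "status": 200, "content_type": "text/html",
     "response_body": "<html>login</html>", "duration_s": 0.1},
]

if __name__ == "__main__":
    for event_id, tags in scan(SAMPLE_EVENTS).items():
        print(event_id, tags)
```

Event 1 alone only tells you the vulnerable plugin is present; the combination seen on event 2 (fingerprint plus payload plus delay) is the pattern worth alerting on.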