{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0600", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2023-01-31T19:04:31.711Z", "datePublished": "2023-05-15T12:15:31.686Z", "dateUpdated": "2024-08-02T05:17:50.061Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2023-05-15T12:15:31.686Z"}, "title": "WP Visitor Statistics (Real Time Traffic) < 6.9 - Unauthenticated SQLi", "problemTypes": [{"descriptions": [{"description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "WP Visitor Statistics (Real Time Traffic)", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThan": "6.9"}], "defaultStatus": "unaffected", "collectionURL": "https://wordpress.org/plugins"}], "descriptions": [{"lang": "en", "value": "The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks."}], "references": [{"url": "https://wpscan.com/vulnerability/8f46df4d-cb80-4d66-846f-85faf2ea0ec4", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Tr\u1ea7n Qu\u1ed1c Tr\u01b0\u1eddng An", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:17:50.061Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/8f46df4d-cb80-4d66-846f-85faf2ea0ec4", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:plugins-market:wp_visitor_statistics:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9A0871E7-BA8C-40BD-AD77-E02D4949F40F", "versionEndExcluding": "6.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks."}], "id": "CVE-2023-0600", "lastModified": "2023-11-07T04:00:57.287", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-15T13:15:09.867", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit"], "url": "https://wpscan.com/vulnerability/8f46df4d-cb80-4d66-846f-85faf2ea0ec4"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified"}

{}