SQL Injection Vulnerability in Easy Team Manager Plugin for WordPress
CVE-2017-1002023

9.8 CRITICAL

Key Information:

Vendor: WordPress
CVE Published: 14 September 2017

What is CVE-2017-1002023?

The Easy Team Manager plugin for WordPress contains a security flaw where the code fails to properly sanitize user input before incorporating it into SQL statements. This oversight can allow attackers to manipulate database queries through specially crafted requests, potentially leading to unauthorized data access and manipulation. Users of this plugin are encouraged to review their instances for exposure and implement the necessary security measures.

Affected Version(s)

Easy Team Manager < 1.3.2

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published
