YARPP - Yet Another Related Posts Plugin < 5.30.3 - Subscriber+ SQLi
CVE-2023-0579

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Yarpp
Vendor: CVE Published:; 16 August 2023

Summary

The YARPP WordPress plugin prior to version 5.30.3 suffers from a vulnerability due to the lack of validation and escaping of certain shortcode attributes in SQL statements. This oversight allows authenticated users, including those with low-level access like subscribers, to execute SQL Injection attacks. Such an attack could lead to unauthorized database manipulation and expose sensitive information, making it critical to update to the latest version to mitigate this risk.

Affected Version(s)

YARPP 0 < 5.30.3

References

https://wpscan.com/vulnerability/574f7607-96d8-4ef8-b96c-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 16, 2023
Vulnerability Reserved
Jan 30, 2023

Credit

Erwan LR (WPScan)

WPScan