AP Pricing Tables Lite <= 1.1.6 - Admin+ SQLi
CVE-2023-0900

7.2HIGH

Key Information:

Vendor: Wordpress
Status: Pricing Table Builder
Vendor: CVE Published:; 5 June 2023

What is CVE-2023-0900?

The Pricing Table Builder plugin for WordPress versions up to 1.1.6 is susceptible to a SQL injection vulnerability due to improper sanitization and escaping of parameters before executing SQL statements. This flaw allows high-privilege users, such as administrators, to exploit the injection and manipulate the database, potentially compromising the integrity and security of the entire WordPress installation.

Affected Version(s)

Pricing Table Builder 0 <= 1.1.6

References

https://wpscan.com/vulnerability/f601e637-a486-4f3a-9077-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2023
Vulnerability Reserved
Feb 17, 2023

Credit

Simone Onofri

Donato Onofri

WPScan

JSON

Wordpress

What is CVE-2023-0900?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit