All In One Redirection < 2.2.0 - Admin+ SQLi
CVE-2023-2493
7.2HIGH
Summary
The All In One Redirection plugin for WordPress, prior to version 2.2.0, is susceptible to an SQL injection vulnerability. This flaw arises due to improper sanitization and escaping of multiple parameters utilized in SQL statements, enabling high-privilege users, such as administrators, to exploit this weakness. If left unaddressed, this vulnerability poses a significant risk to the site's database integrity, allowing for unauthorized data manipulation or retrieval.
Affected Version(s)
All In One Redirection 0 < 2.2.0
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Chien Vuong
WPScan