SQL Injection Vulnerability in WP Post Corrector by Vipul Jariwala
CVE-2023-26003
7.6 HIGH
What is CVE-2023-26003?
The WP Post Corrector plugin, developed by Vipul Jariwala, contains an SQL Injection vulnerability that arises from improper neutralization of special elements in SQL commands. This flaw, which impacts versions up to 1.0.2, can be exploited by attackers to execute arbitrary SQL queries on the database. Such exploits can lead to unauthorized access to sensitive data, modification of database content, and potential takeovers of the affected WordPress site.
Affected Version(s)
WP Post Corrector <= 1.0.2
CVSS V3.1
Score: 7.6
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Nguyen Ngoc Quang Bach (maysbachs) (Patchstack Alliance)