WordPress Link Whisper Free Plugin <= 0.6.5 is vulnerable to SQL Injection
CVE-2023-47852

8.5HIGH

Key Information:

Vendor: WordPress
Status: Link Whisper Free
Vendor: CVE Published:; 20 December 2023

What is CVE-2023-47852?

An SQL Injection vulnerability in Link Whisper Free allows attackers to manipulate database queries via unvalidated input, potentially leading to unauthorized access to sensitive data. This flaw affects versions from n/a up to 0.6.5, making it crucial for users to update and secure their installations to prevent exploitation.

Affected Version(s)

Link Whisper Free <= 0.6.5

References

https://patchstack.com/database/vulnerability/link-whispe...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2023
Vulnerability Reserved
Nov 13, 2023

Credit

Muhammad Daffa (Patchstack Alliance)