WordPress Porto Theme - Functionality Plugin < 2.12.1 is vulnerable to SQL Injection
CVE-2023-48738

9.3CRITICAL

Key Information:

Vendor: WordPress
Status: Porto Theme - Functionality
Vendor: CVE Published:; 19 December 2023

What is CVE-2023-48738?

An SQL Injection vulnerability in the Porto Theme Functionality allows attackers to manipulate database queries by improperly neutralizing special elements used in SQL commands. This can enable unauthorized access to sensitive data and compromise the integrity of the affected WordPress site. The issue impacts versions of the Porto Theme prior to 2.12.1, emphasizing the need for timely updates to safeguard against potential exploitation.

Affected Version(s)

Porto Theme - Functionality < 2.12.1

References

https://patchstack.com/database/vulnerability/porto-funct...

vdb-entry

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 19, 2023
Vulnerability Reserved
Nov 18, 2023

Credit

Rafie Muhammad (Patchstack)