WordPress Sayfa Sayaç Plugin <= 2.6 is vulnerable to SQL Injection
CVE-2023-49776

9.3CRITICAL

Key Information:

Vendor: WordPress
Status: Sayfa Sayac
Vendor: CVE Published:; 20 December 2023

What is CVE-2023-49776?

The Sayfa Sayac plugin developed by Hakan Demiray is susceptible to an SQL Injection vulnerability, particularly in versions from n/a through 2.6. This flaw arises from improper handling of special elements within SQL commands, potentially allowing unauthorized users to execute arbitrary SQL queries. This could lead to unauthorized access to sensitive data within the database, posing a significant risk to WordPress sites utilizing this plugin. It is imperative for users to update to the latest version or apply necessary security measures to safeguard their websites.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Sayfa Sayac <= 2.6

References

https://patchstack.com/database/vulnerability/sayfa-sayac...

vdb-entry

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 20, 2023
Vulnerability Reserved
Nov 30, 2023

Credit

Rafie Muhammad (Patchstack)

JSON

WordPress

What is CVE-2023-49776?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.