WordPress Sayfa Sayaç Plugin <= 2.6 is vulnerable to SQL Injection
CVE-2023-49776
9.3 CRITICAL
Summary
The Sayfa Sayac plugin developed by Hakan Demiray is vulnerable to SQL injection in versions up to and including 2.6. The flaw arises from improper handling of special elements within SQL commands, potentially allowing unauthorized users to execute arbitrary SQL queries. This could lead to unauthorized access to sensitive data in the database, which poses a significant risk to WordPress sites that use this plugin. Users should update to the latest version or apply the necessary security measures to safeguard their websites.
Affected Version(s)
Sayfa Sayac <= 2.6
CVSS V3.1
Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rafie Muhammad (Patchstack)