The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/45194442-6eea-4e07-85a5-4a1e2fde3523 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2024-01-17T14:27:26.529Z
Updated: 2024-01-17T14:31:47.758Z
Reserved: 2023-09-18T10:34:59.045Z
Link: CVE-2023-5041
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-17T15:15:10.850
Modified: 2024-01-24T19:20:29.410
Link: CVE-2023-5041
JSON object: View
Redhat Information
No data.
CWE