{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-0600","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","state":"PUBLISHED","assignerShortName":"WPScan","dateReserved":"2023-01-31T19:04:31.711Z","datePublished":"2023-05-15T12:15:31.686Z","dateUpdated":"2025-01-24T20:22:17.142Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2023-05-15T12:15:31.686Z"},"title":"WP Visitor Statistics (Real Time Traffic) < 6.9 - Unauthenticated SQLi","problemTypes":[{"descriptions":[{"description":"CWE-89 SQL Injection","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"WP Visitor Statistics (Real Time Traffic)","versions":[{"status":"affected","versionType":"custom","version":"0","lessThan":"6.9"}],"defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins"}],"descriptions":[{"lang":"en","value":"The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks."}],"references":[{"url":"https://wpscan.com/vulnerability/8f46df4d-cb80-4d66-846f-85faf2ea0ec4","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"Trần Quốc Trường An","type":"finder"},{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T05:17:50.061Z"},"title":"CVE Program Container","references":[{"url":"https://wpscan.com/vulnerability/8f46df4d-cb80-4d66-846f-85faf2ea0ec4","tags":["exploit","vdb-entry","technical-description","x_transferred"]}]},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":9.8,"attackVector":"NETWORK","baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-01-24T20:21:20.390735Z","id":"CVE-2023-0600","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-24T20:22:17.142Z"}}]}}