CVE-2023-0234

EUVD-2023-12318
The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
sitegroundsiteground_security
𝑥
< 1.3.1
𝑥
= Vulnerable software versions
References
https://github.com/namah-age/CVEs/blob/master/1.md
https://wpscan.com/vulnerability/acf3e369-1290-4b3f-83bf-2209b9dd06e1
https://www.siteground.com/viewtos/responsible_disclosure_policy?scid=4&lang=en
https://github.com/namah-age/CVEs/blob/master/1.md
https://wpscan.com/vulnerability/acf3e369-1290-4b3f-83bf-2209b9dd06e1
https://www.siteground.com/viewtos/responsible_disclosure_policy?scid=4&lang=en