CVE-2023-0234

The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
sitegroundsiteground_security
𝑥
< 1.3.1
𝑥
= Vulnerable software versions
References
https://github.com/namah-age/CVEs/blob/master/1.md
https://wpscan.com/vulnerability/acf3e369-1290-4b3f-83bf-2209b9dd06e1
https://www.siteground.com/viewtos/responsible_disclosure_policy?scid=4&lang=en
https://github.com/namah-age/CVEs/blob/master/1.md
https://wpscan.com/vulnerability/acf3e369-1290-4b3f-83bf-2209b9dd06e1
https://www.siteground.com/viewtos/responsible_disclosure_policy?scid=4&lang=en