CVE-2023-0875

The WP Meta SEO WordPress plugin before 4.5.3 does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability that can be exploited by subscriber+ users.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
joomunitedwp_meta_seo
𝑥
< 4.5.3
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/d44e9a45-cbdf-46b1-8b48-7d934b617534
https://wpscan.com/vulnerability/d44e9a45-cbdf-46b1-8b48-7d934b617534