Exploit for WP Visitor Statistics (Real Time Traffic) < 6.9 - SQL Injection (CVE-2023-0600)

Description:

The plugin does not escape user input before concatenating it into an SQL query, allowing unauthenticated visitors to conduct SQL injection attacks.

Nuclei Template

View the template here: CVE-2023-0600.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-0600.yaml

References:

https://wpscan.com/vulnerability/8f46df4d-cb80-4d66-846f-85faf2ea0ec4
https://github.com/truocphan/VulnBox
https://nvd.nist.gov/vuln/detail/CVE-2023-0600