Exploit for Slimstat Analytics < 4.9.3.3 Subscriber - SQL Injection (CVE-2023-0630)

Description:

The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.

Nuclei Template

View the template here: CVE-2023-0630.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-0630.yaml

References:

https://wpscan.com/vulnerability/b82bdd02-b699-4527-86cc-d60b56ab0c55
https://nvd.nist.gov/vuln/detail/CVE-2023-0630
https://wordpress.org/plugins/wp-slimstat
https://github.com/RandomRobbieBF/CVE-2023-0630
https://github.com/nomi-sec/PoC-in-GitHub