.. / CVE-2023-0900

Exploit for AP Pricing Tables Lite <= 1.1.6 - SQL Injection (CVE-2023-0900)

Description:

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.

Nuclei Template

View the template here CVE-2023-0900.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-0900.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-0900
https://wpscan.com/vulnerability/f601e637-a486-4f3a-9077-4f294ace7ea1
https://github.com/WPPlugins/ap-pricing-tables-lite