Exploit for SupportCandy < 3.1.5 - Unauthenticated SQL Injection (CVE-2023-1730)

Description:

The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks.

Nuclei Template

View the template here: CVE-2023-1730.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-1730.yaml

References:

https://wpscan.com/vulnerability/44b51a56-ff05-4d50-9327-fc9bab74d4b7
https://github.com/tanjiti/sec_profile
https://nvd.nist.gov/vuln/detail/CVE-2023-1730
https://wordpress.org/plugins/supportcandy/