
Exploit for WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection (CVE-2023-23489)

Description:

WordPress Easy Digital Downloads plugin versions 3.1.0.2 and 3.1.0.3 contain a SQL injection vulnerability in the s parameter of the plugin's edd_download_search action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
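
An added detection example (not part of the original page or of the nuclei template): it scans web access logs for requests that invoke the edd_download_search action with an s value combining SQL metacharacters and SQL keywords. /wp-admin/admin-ajax.php is WordPress's standard AJAX endpoint; the GET-only matching, the patterns, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines for illustration; not taken from the page.
SAMPLE_LOG = '''\
198.51.100.7 - - [01/Feb/2023:09:14:02 +0000] "GET /wp-admin/admin-ajax.php?action=edd_download_search&s=ebook HTTP/1.1" 200 412
198.51.100.7 - - [01/Feb/2023:09:14:09 +0000] "GET /wp-admin/admin-ajax.php?action=edd_download_search&s=o%27reilly+guide HTTP/1.1" 200 96
203.0.113.40 - - [01/Feb/2023:09:15:31 +0000] "GET /wp-admin/admin-ajax.php?action=edd_download_search&s=x%27+UNION+SELECT+1--+ HTTP/1.1" 200 2
203.0.113.40 - - [01/Feb/2023:09:15:40 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat&s=x%27+OR+1%3D1 HTTP/1.1" 200 2
'''

# Client address and request target from a common/combined log format line.
REQUEST = re.compile(r'^(\S+) .*?"GET (\S+) HTTP/[\d.]+"')
# Characters that break out of a quoted SQL string or start a comment.
SQL_META = re.compile(r"""['"]|--|#|/\*""")
# Keywords that rarely appear in a product search (assumed list, tune per site).
SQL_WORDS = re.compile(
    r"\b(?:union|select|sleep|benchmark|information_schema)\b"
    r"|\b(?:or|and)\s+\d+\s*=\s*\d+",
    re.IGNORECASE,
)

def suspicious_edd_searches(log_text):
    """Return (client, decoded s value) for suspicious edd_download_search hits."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if "edd_download_search" not in params.get("action", []):
            continue
        for value in params.get("s", []):
            # Require both signals: a lone apostrophe (o'reilly) is a normal search.
            if SQL_META.search(value) and SQL_WORDS.search(value):
                hits.append((client, value))
    return hits

if __name__ == "__main__":
    for client, value in suspicious_edd_searches(SAMPLE_LOG):
        print(f"{client}\tsuspicious s={value!r}")
```

Access logs record only the query string, so a request that carries s in a POST body would need request-body logging or a WAF rule to be seen.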

Nuclei Template

View the template here: CVE-2023-23489.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-23489.yaml

References:

https://www.tenable.com/security/research/tra-2023-2
https://wordpress.org/plugins/easy-digital-downloads/
https://nvd.nist.gov/vuln/detail/CVE-2023-23489
https://github.com/JoshuaMart/JoshuaMart
https://wpscan.com/vulnerability/c5a6830c-6420-42fc-b20c-8e20224d6f18