.. / CVE-2023-28662

Exploit for Wordpress Gift Cards <= 4.3.1 - SQL Injection (CVE-2023-28662)

Description:

The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action.

Nuclei Template

View the template here CVE-2023-28662.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-28662.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-28662
https://github.com/ARPSyndicate/cvemon
https://www.tenable.com/security/research/tra-2023-2
https://github.com/JoshuaMart/JoshuaMart
https://wordpress.org/plugins/gift-voucher/