CVE-2023-0224

CRITICAL

GiveWP < 2.24.1 - Unauthenticated SQL Injection

Title source: llm
STIX 2.1

Description

The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks

References (2)

Core 2
Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/d8da539d-0a1b-46ef-b48d-710c59cf68e1/

Scores

CVSS v3 9.8
EPSS 0.0374
EPSS Percentile 88.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
givewp/givewp < 2.24.1
Published Jan 16, 2024
Tracked Since Feb 18, 2026