CVE-2023-0579

HIGH

YARPP < 5.30.3 - Authenticated SQL Injection via Shortcode Attributes

Title source: llm
STIX 2.1

Description

The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks.

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/574f7607-96d8-4ef8-b96c-0425ad7e7690

Scores

CVSS v3 8.8
EPSS 0.0094
EPSS Percentile 56.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (2)
yarpp/yarpp < 5.30.3
yarpp/yet_another_related_posts_plugin < 5.30.3
Published Aug 16, 2023
Tracked Since Feb 18, 2026