CVE-2023-0630

HIGH NUCLEI

Slimstat Analytics < 4.9.3.3 - Authenticated SQL Injection via Shortcode Attribute Concatenation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-0630, a PoC published by RandomRobbieBF. A Nuclei detection template is also available.

AI-analyzed exploit summary: This PoC exploits a SQL injection vulnerability in Slimstat Analytics < 4.9.3.3 by leveraging sqlmap to extract user password hashes from the WordPress database. It requires valid subscriber+ credentials and uses the WordPress REST API to fetch user IDs.

Description

The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.

Exploits (1)

nomisec WORKING POC 2 stars
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2023-0630

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Slimstat Analytics < 4.9.3.3
Auth required
Prerequisites: Valid WordPress subscriber+ credentials · sqlmap installed · WordPress REST API accessible
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Slimstat Analytics < 4.9.3.3 Subscriber - SQL Injection
HIGH · VERIFIED · by DhiyaneshDK

References (1)

Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/b82bdd02-b699-4527-86cc-d60b56ab0c55

Scores

CVSS v3 8.8
EPSS 0.0514
EPSS Percentile 91.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
wp-slimstat/slimstat_analytics < 4.9.3.3
Published Mar 20, 2023
Tracked Since Feb 18, 2026