Exploitation Summary
CVE-2023-1730 has a Nuclei detection template available; see the Nuclei Templates section below.
Description
The SupportCandy WordPress plugin before 3.1.5 does not validate or escape user input before using it in a SQL statement, which allows unauthenticated attackers to perform SQL injection attacks.
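To make the bug class concrete, the following is an added illustration written for this page; it is not SupportCandy's code and does not reproduce the plugin's actual query, table or parameter names. It builds a constructed in-memory SQLite database of support tickets and users, then runs the same unauthenticated "lookup" twice: once with the request value spliced into the statement (the pattern the advisory describes) and once with placeholder binding. The two payloads show why the CVSS vector carries C:H: a tautology returns every ticket, and a UNION reads rows out of an unrelated table.

```python
"""Constructed SQL injection (CWE-89) illustration beside its parameterised form.
Hypothetical schema and data; NOT SupportCandy's code."""
import sqlite3

# Constructed sample data: three tickets for two users, plus one admin account.
TICKETS = [
    (1, "alice", "Login broken"),
    (2, "bob", "Invoice missing"),
    (3, "alice", "Password reset"),
]
USERS = [
    (1, "admin", "$P$constructed-hash-value"),   # fake hash, for illustration only
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tickets (id INTEGER, owner TEXT, subject TEXT)")
    conn.execute("CREATE TABLE users (id INTEGER, login TEXT, pass_hash TEXT)")
    conn.executemany("INSERT INTO tickets VALUES (?, ?, ?)", TICKETS)
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, owner: str) -> list:
    # The request parameter is spliced straight into the statement with no
    # validation and no escaping: the bug class named in the description.
    sql = f"SELECT id, owner, subject FROM tickets WHERE owner = '{owner}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, owner: str) -> list:
    # Placeholder binding: the value travels separately from the statement, so
    # quotes or keywords in the input can never change the query's structure.
    sql = "SELECT id, owner, subject FROM tickets WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()


# Both payloads can be sent by anyone; the endpoint needs no login (PR:N).
TAUTOLOGY = "x' OR '1'='1"                                         # dumps every ticket
UNION = "x' UNION SELECT id, login, pass_hash FROM users -- "      # reads another table


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, tautology:", lookup_vulnerable(db, TAUTOLOGY))  # all 3 tickets
    print("vulnerable, union:    ", lookup_vulnerable(db, UNION))      # the admin row
    print("safe, tautology:      ", lookup_safe(db, TAUTOLOGY))        # []
    print("safe, union:          ", lookup_safe(db, UNION))            # []
```

In a WordPress plugin the equivalent of `lookup_safe` is building the statement with `$wpdb->prepare()` and `%s`/`%d` placeholders rather than concatenating `$_GET`/`$_POST` values into the string passed to `$wpdb->get_results()`.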
Nuclei Templates (1)
SupportCandy < 3.1.5 - Unauthenticated SQL Injection
Critical, verified, by theamanrawat
References (1)
Core References (1)
https://wpscan.com/vulnerability/44b51a56-ff05-4d50-9327-fc9bab74d4b7
Tags: Exploit, Third Party Advisory; exploit, vdb-entry, technical-description
Scores
CVSS v3
9.8
EPSS
0.4059 (about a 40.6% probability of exploitation activity in the next 30 days)
EPSS Percentile
98.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (1)
supportcandy/supportcandy
< 3.1.5
Published
May 02, 2023
Tracked Since
Feb 18, 2026