CVE-2023-5203

HIGH NUCLEI

Swit WP Sessions Time Monitoring Full Automatic - SQL Injection

Title source: rule

Description

The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time-based SQL injection techniques or, in some cases, an error-based or union-based technique.

Nuclei Templates (1)

WP Sessions Time Monitoring Full Automatic <= 1.0.8 - SQL Injection
CRITICAL | VERIFIED | by Shivam Kamboj

Scores

CVSS v3 7.5
EPSS 0.4293
EPSS Percentile 97.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-89
Status published
Products (1)
swit/wp_sessions_time_monitoring_full_automatic < 1.0.9
Published Dec 26, 2023
Tracked Since Feb 18, 2026