CVE-2023-5203
HIGH NUCLEI
WP Sessions Time Monitoring Full Automatic < 1.0.9 - Unauthenticated SQL Injection via Request URL or Query Parameters
Title source: llm
Exploitation Summary
CVE-2023-5203 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query. This allows unauthenticated attackers to extract sensitive data from the database via blind time-based SQL injection techniques or, in some cases, an error-based or union-based technique.
Nuclei Templates (1)
WP Sessions Time Monitoring Full Automatic <= 1.0.8 - SQL Injection
CRITICAL VERIFIED by Shivam Kamboj
References (1)
Core References
Exploit exploit
vdb-entry
technical-description
https://wpscan.com/vulnerability/7f4f505b-2667-4e0f-9841-9c1cd0831932
Scores
CVSS v3
7.5
EPSS
0.0222
EPSS Percentile
80.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Products (1)
swit/wp_sessions_time_monitoring_full_automatic
< 1.0.9
Published
Dec 26, 2023
Tracked Since
Feb 18, 2026