CVE-2023-0234

The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/namah-age/CVEs/blob/master/1.md	Third Party Advisory
https://wpscan.com/vulnerability/acf3e369-1290-4b3f-83bf-2209b9dd06e1	Exploit Third Party Advisory
https://www.siteground.com/viewtos/responsible_disclosure_policy?scid=4&lang=en	Issue Tracking
https://github.com/namah-age/CVEs/blob/master/1.md	Third Party Advisory
https://wpscan.com/vulnerability/acf3e369-1290-4b3f-83bf-2209b9dd06e1	Exploit Third Party Advisory
https://www.siteground.com/viewtos/responsible_disclosure_policy?scid=4&lang=en	Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:siteground:siteground_security:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:36

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-02-06 20:15

Updated : 2025-03-25 19:15

NVD link : CVE-2023-0234

Mitre link : CVE-2023-0234

CVE.ORG link : CVE-2023-0234

JSON object : View

Products Affected

siteground

siteground_security

CWE

No CWE.

{"id": "CVE-2023-0234", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-02-06T20:15:14.053", "references": [{"url": "https://github.com/namah-age/CVEs/blob/master/1.md", "tags": ["Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/acf3e369-1290-4b3f-83bf-2209b9dd06e1", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://www.siteground.com/viewtos/responsible_disclosure_policy?scid=4&lang=en", "tags": ["Issue Tracking"], "source": "contact@wpscan.com"}, {"url": "https://github.com/namah-age/CVEs/blob/master/1.md", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wpscan.com/vulnerability/acf3e369-1290-4b3f-83bf-2209b9dd06e1", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.siteground.com/viewtos/responsible_disclosure_policy?scid=4&lang=en", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "descriptions": [{"lang": "en", "value": "The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue."}], "lastModified": "2025-03-25T19:15:40.797", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siteground:siteground_security:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "327E707C-75F2-4F3A-A148-7D8BC9E19A3D", "versionEndExcluding": "1.3.1"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}