CVE-2023-2921

{"id": "CVE-2023-2921", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-06-06T06:15:30.597", "references": [{"url": "https://wpscan.com/vulnerability/0f85db4f-8493-4941-8f3c-e5258c581bdc/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/0f85db4f-8493-4941-8f3c-e5258c581bdc/", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "The Short URL WordPress plugin through 1.6.8 does not properly sanitise and escape a parameter before using it in SQL statement, leading to a SQL injection exploitable by users with relatively low privilege on the site, like subscribers."}, {"lang": "es", "value": "El complemento Short URL de WordPress hasta la versi\u00f3n 1.6.8 no depura ni escapa adecuadamente un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que genera una inyecci\u00f3n SQL explotable por usuarios con privilegios relativamente bajos en el sitio, como los suscriptores."}], "lastModified": "2025-06-10T19:31:20.783", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kaizencoders:short_url:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "0884698E-F4C6-4877-9B0C-021DB7C8A624", "versionEndExcluding": "1.6.8"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}