CVE-2023-1730

SupportCandy < 3.1.5 - Unauthenticated SQLi

CVSS 9.8 CRITICAL · EPSS 40.6% · CWE-89
The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Unknown · SupportCandy