What is CVE-2023-0600?

CVE-2023-0600 is a vulnerability in Wp Visitor Statistics (Real Time Traffic), classified under CWE-89 SQL INJECTION. Published 2023-05-15.

Is CVE-2023-0600 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Wp Visitor Statistics (Real Time Traffic)

CVE-2023-0600

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.

EPSS: 0.768 (99.0th percentile) — read the EPSS interpretation.

Affected products

Unknown Wp Visitor Statistics (Real Time Traffic) — versions 0

Public proof-of-concept exploits

20142995/nuclei-templates
truocphan/VulnBox

References

wpscan.com/vulnerability/8f46df4d-cb80-4d66-846f-85faf2ea0ec4 (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2023-0600?: CVE-2023-0600 is a vulnerability in Wp Visitor Statistics (Real Time Traffic), classified under CWE-89 SQL INJECTION. Published 2023-05-15.
Is CVE-2023-0600 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.