What is CVE-2023-0630?

CVE-2023-0630 is a vulnerability in Slimstat Analytics, classified under CWE-89 SQL INJECTION. Published 2023-03-20.

Is CVE-2023-0630 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Slimstat Analytics

CVE-2023-0630

The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.

EPSS: 0.902 (99.6th percentile) — read the EPSS interpretation.

Affected products

Unknown Slimstat Analytics — versions 4.1

Public proof-of-concept exploits

RandomRobbieBF/CVE-2023-0630
20142995/nuclei-templates
nomi-sec/PoC-in-GitHub

References

wpscan.com/vulnerability/b82bdd02-b699-4527-86cc-d60b56ab0c55 (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2023-0630?: CVE-2023-0630 is a vulnerability in Slimstat Analytics, classified under CWE-89 SQL INJECTION. Published 2023-03-20.
Is CVE-2023-0630 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.