What is CVE-2023-1020?

CVE-2023-1020 is a vulnerability in Steveas Wp Live Chat Shoutbox, classified under CWE-89 SQL INJECTION. Published 2023-04-24.

Is CVE-2023-1020 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Steveas Wp Live Chat Shoutbox

CVE-2023-1020

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

EPSS: 0.736 (98.8th percentile) — read the EPSS interpretation.

Affected products

Unknown Steveas Wp Live Chat Shoutbox — versions 0

Public proof-of-concept exploits

20142995/nuclei-templates

References

wpscan.com/vulnerability/4e5aa9a3-65a0-47d6-bc26-a2fb6cb073ff (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2023-1020?: CVE-2023-1020 is a vulnerability in Steveas Wp Live Chat Shoutbox, classified under CWE-89 SQL INJECTION. Published 2023-04-24.
Is CVE-2023-1020 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.