Vulnerability in Supportcandy

CVE-2023-1730

The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks.

EPSS: 0.818 (99.2th percentile)

Affected products

  • Unknown Supportcandy — versions 0

Frequently asked questions

What is CVE-2023-1730?
CVE-2023-1730 is a vulnerability in Supportcandy, classified under CWE-89 (SQL Injection). Published 2023-05-02.
Is CVE-2023-1730 known to be exploited?
4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.