CVE-2023-5203

moderate-risk
Published 2023-12-26

The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique.

Do I need to act?

!
42.9% chance of exploitation in next 30 days
EPSS score — higher than 57% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Swit

References (2)

Exploit https://wpscan.com/vulnerability/7f4f505b-2667-4e0f-9841-9c1cd0831932
Exploit https://wpscan.com/vulnerability/7f4f505b-2667-4e0f-9841-9c1cd0831932
48
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 17/34 · Moderate
Exposure 5/34 · Minimal