Vulnerabilities > CVE-2023-0098 - Unspecified vulnerability in Getlasso Simple Urls

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

getlasso

NVD

Published: 2023-02-13

Updated: 2023-11-07

Summary

The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL injection exploitable by low privilege users such as subscriber.

Vulnerable Configurations

Part	Description	Count
Application	Getlasso Getlasso Simple Urls - Getlasso Simple Urls 0.9 Getlasso Simple Urls 0.9.1 Getlasso Simple Urls 0.9.2 Getlasso Simple Urls 0.9.3 Getlasso Simple Urls 0.9.4 Getlasso Simple Urls 0.9.5 Getlasso Simple Urls 0.9.6 Getlasso Simple Urls 0.9.7 Getlasso Simple Urls 0.9.8 Getlasso Simple Urls 0.9.9 Getlasso Simple Urls 104 Getlasso Simple Urls 105 Getlasso Simple Urls 106 Getlasso Simple Urls 107 Getlasso Simple Urls 108 Getlasso Simple Urls 109 Getlasso Simple Urls 110 Getlasso Simple Urls 111 Getlasso Simple Urls 112 Getlasso Simple Urls 113 Getlasso Simple Urls 114	22

References

https://wpscan.com/vulnerability/db0b3275-40df-404e-aa8d-53558f0122d8