Vulnerabilities > CVE-2023-0579 - Unspecified vulnerability in Yarpp

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

yarpp

NVD

Published: 2023-08-16

Updated: 2023-11-07

Summary

The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks.

Vulnerable Configurations

Part	Description	Count
Application	Yarpp Yarpp Yarpp *	1

References

https://wpscan.com/vulnerability/574f7607-96d8-4ef8-b96c-0425ad7e7690