CVE-2023-0224

Summary

The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks

Affected Software

VendorProductVersion RangeStatus
UnknownGiveWP0 < 2.24.1affected

Weaknesses

  • CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References