CVE-2023-2188

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published Aug 31, 2023
Updated: Nov 7, 2023

Summary

CVE-2023-2188 is a SQL injection vulnerability in the Colibri Page Builder plugin for WordPress. The plugin does not properly escape the user-supplied 'post_id' parameter and does not properly prepare the SQL query that uses it, so authenticated attackers with administrator-level access can inject SQL into existing queries and extract sensitive information from the database. Versions up to, and including, 1.0.227 are affected.
