CVSS Score of 10 (low)


Published Nov 22, 2023
Updated: Nov 30, 2023


CVE-2023-2841 is a vulnerability in the Advanced Local Pickup for WooCommerce plugin for WordPress, affecting versions up to and including 1.5.5. The vulnerability allows authenticated attackers with admin-level privileges to perform time-based SQL Injection by manipulating the id parameter. Insufficient escaping on the user-supplied parameter and lack of preparation on the existing SQL query make it possible for attackers to inject additional SQL queries, potentially leading to the extraction of sensitive information from the database. This vulnerability has a CVSSv3 base score of 7.2 (High severity) and poses a significant danger to organizations using the affected plugin versions.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-2841 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options