CVE-2023-6567

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 11, 2024
Updated: Jan 17, 2024
CWE ID 89

Summary

CVE-2023-6567: Unauthenticated attackers can exploit the LearnPress plugin for WordPress through a time-based SQL Injection vulnerability, affecting versions up to 4.2.5.7. The issue arises from insufficient escaping of user-supplied 'order_by' parameter and lack of preparation of existing SQL queries. This vulnerability allows attackers to append malicious SQL queries, potentially leading to extraction of sensitive data from the database.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share