CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Description (NVD)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vipul Jariwala WP Post Corrector allows SQL Injection. This issue affects WP Post Corrector: from n/a through 1.0.2.
Analysis (AI)
SQL injection vulnerability in the WP Post Corrector WordPress plugin (versions up to 1.0.2) that allows authenticated attackers with high privileges to execute arbitrary SQL queries, potentially leading to unauthorized data disclosure and limited service disruption. The vulnerability requires administrator-level access to exploit, significantly limiting its immediate threat surface, though it could be chained with privilege escalation attacks.
Technical Context (AI)
The vulnerability exists in the WP Post Corrector plugin, a WordPress extension that does not properly sanitize input when constructing SQL queries (CWE-89: SQL Injection). The plugin fails to neutralize special SQL metacharacters in user-supplied input before passing it to database query functions. The affected technology stack includes the WordPress plugin architecture and MySQL/MariaDB database backends. The vulnerability likely stems from direct concatenation of user input into SQL statements without parameterized queries or prepared statements, a common pattern in legacy WordPress plugins. It affects WordPress installations where the plugin is active and where an attacker has obtained administrator credentials or exploited a privilege escalation.
Remediation (AI)
Patch/Update (priority: Critical): Update WP Post Corrector to version 1.0.3 or later (if available) from the WordPress plugin repository or vendor source.
Immediate Workaround (priority: Critical): Disable and deactivate the WP Post Corrector plugin entirely until a patched version is available.
Access Control (priority: High): Restrict administrator role assignment to trusted users only; implement multi-factor authentication (MFA) on all WordPress administrator accounts.
Detection (priority: High): Monitor WordPress admin user activity and database query logs for suspicious SQL patterns; implement Web Application Firewall (WAF) rules to detect SQL injection attempts.
Code Hardening, if a patch is unavailable (priority: High): Review the plugin source code and apply input validation, parameterized queries, and prepared statements using the wpdb->prepare() WordPress API.
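The code-hardening item above refers to wpdb->prepare(). The following is an added illustration, not code from the WP Post Corrector plugin (whose source is not reproduced on this page): a hypothetical correction-lookup function written first with the string-concatenation pattern the analysis describes, then rewritten with a prepared statement and a capability/nonce gate. The table name, column names, function names and nonce action are assumed.

```php
<?php
// Added example, hypothetical; not the plugin's real code.
// Assumed: a custom table of correction suggestions keyed by post ID,
// searched with a free-text keyword supplied by an admin-side form.

// Weak pattern: user input concatenated straight into the SQL string.
// get_results() runs it as-is, so quote, comment and UNION metacharacters
// in $keyword are never neutralized (CWE-89).
function wpc_find_corrections_unsafe( $post_id, $keyword ) {
    global $wpdb;
    $table = $wpdb->prefix . 'post_corrections'; // assumed table name
    $sql   = "SELECT id, suggestion FROM {$table} "
           . "WHERE post_id = " . $post_id . " "
           . "AND suggestion LIKE '%" . $keyword . "%'";
    return $wpdb->get_results( $sql );
}

// Hardened form: $wpdb->prepare() with %d / %s placeholders. WordPress
// casts the integer and quotes/escapes the string, so the query structure
// can no longer be changed by the input. A LIKE pattern additionally needs
// esc_like() so a literal % or _ in the keyword is not a wildcard.
function wpc_find_corrections_safe( $post_id, $keyword ) {
    global $wpdb;
    $table = $wpdb->prefix . 'post_corrections'; // assumed table name
    $like  = '%' . $wpdb->esc_like( $keyword ) . '%';
    $sql   = $wpdb->prepare(
        "SELECT id, suggestion FROM {$table} WHERE post_id = %d AND suggestion LIKE %s",
        absint( $post_id ),
        $like
    );
    return $wpdb->get_results( $sql );
}

// Defence in depth: the issue already requires an administrator account,
// but a capability check plus a nonce keeps a forged request or a
// lower-privileged user from reaching the query at all.
function wpc_handle_search_request() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', 403 );
    }
    check_admin_referer( 'wpc_search' ); // assumed nonce action name
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $keyword = isset( $_POST['keyword'] )
        ? sanitize_text_field( wp_unslash( $_POST['keyword'] ) )
        : '';
    return wpc_find_corrections_safe( $post_id, $keyword );
}
```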
EUVD-2023-29890