Short Url

1 CVEs product

CVE-2023-2921 HIGH POC This Week

The Short URL WordPress plugin through version 1.6.8 is vulnerable to SQL injection (CWE-89): a parameter is used directly in SQL statements without being sanitized. The flaw is exploitable by low-privileged users (subscribers), allowing attackers to extract sensitive database information, modify data, or potentially execute arbitrary code. With a CVSS score of 8.8, a network-accessible attack vector, and only a low privilege level required, this is a high-severity risk to WordPress installations using vulnerable plugin versions.

WordPress SQLi PHP Short Url
NVD WPScan
CVSS 3.1: 8.8
EPSS: 0.1%
