CVE-2023-28788

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 6.4.2.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://patchstack.com/database/vulnerability/advanced-page-visit-counter/wordpress-advanced-page-visit-counter-plugin-6-4-2-sql-injection-vulnerability?_s_id=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:pagevisitcounter:advanced_page_visit_counter:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2023-12-20 18:15

Updated : 2023-12-27 15:04

NVD link : CVE-2023-28788

Mitre link : CVE-2023-28788

CVE.ORG link : CVE-2023-28788

JSON object : View

Products Affected

pagevisitcounter

advanced_page_visit_counter

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2023-28788", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 2.8}]}, "published": "2023-12-20T18:15:12.130", "references": [{"url": "https://patchstack.com/database/vulnerability/advanced-page-visit-counter/wordpress-advanced-page-visit-counter-plugin-6-4-2-sql-injection-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin for WordPress.This issue affects Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin for WordPress: from n/a through 6.4.2.\n\n"}, {"lang": "es", "value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Page Visit Counter Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin for WordPress. Este problema afecta a Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin for WordPress: desde n /a hasta 6.4.2."}], "lastModified": "2023-12-27T15:04:40.417", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pagevisitcounter:advanced_page_visit_counter:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D7DA14E8-3573-4D20-9026-BD7299AEF757", "versionEndIncluding": "6.4.2"}], "operator": "OR"}]}], "sourceIdentifier": "audit@patchstack.com"}