CVE-2023-5430: SQL Injection
First published: Tue Oct 31 2023(Updated: )
The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gopiplus jQuery News Ticker | <3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-5430?
CVE-2023-5430 is a vulnerability in the Jquery news ticker plugin for WordPress that allows SQL Injection via the plugin's shortcode.
What is the severity of CVE-2023-5430?
The severity of CVE-2023-5430 is high with a severity value of 8.8.
How does CVE-2023-5430 affect the Jquery news ticker plugin?
CVE-2023-5430 affects the Jquery news ticker plugin by allowing SQL Injection through the plugin's shortcode.
How can I fix CVE-2023-5430?
To fix CVE-2023-5430, update the Jquery news ticker plugin to a version higher than 3.1.
What is CWE-89?
CWE-89 is a vulnerability type called SQL Injection.
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/weakness
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/gopiplus
- canonical/gopiplus jquery news ticker