First published: Mon Nov 20 2023(Updated: )
The Article Analytics WordPress plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection vulnerability.
|Affected Software||Affected Version||How to fix|
|Dguzun Article Analytics||<=1.0|
The severity of CVE-2023-5640 is critical.
CVE-2023-5640 is a SQL injection vulnerability in the Article Analytics WordPress plugin, which allows unauthenticated users to execute malicious SQL queries.
The Article Analytics WordPress plugin version up to 1.0 is affected by CVE-2023-5640.
To fix CVE-2023-5640, update the Article Analytics WordPress plugin to the latest version, which includes a patch for the SQL injection vulnerability.
Yes, you can find more information about CVE-2023-5640 at the following references: - [WPScan Vulnerability Database](https://wpscan.com/vulnerability/9a383ef5-0f1a-4894-8f78-845abcb5062d) - [Devl00p Blog Post](https://devl00p.github.io/posts/Injection-SQL-dans-le-plugin-Wordpress-Article-Analytics/)