CVE · Published 2023-12-26 · 1 article on news · 7 live references · NVD data

CVE-2023-5203

Vulnerability data via CVEDB (Shodan)

CVSS v3.1: 7.5 (HIGH)
EPSS percentile: 81 (Exploit Prediction Scoring System · top 19% of all CVEs)
Description

The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time-based SQL injection techniques or, in some cases, an error/union-based technique.

Timeline
Published 2023-12-26

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
