Skip to main content

CVE-2023-1730

Description

The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks

NVD
Severity: CRITICAL
CVE ID: CVE-2023-1730
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2023-1730

Refrence: Project Discovery GitHub

Description
Proof Of Concept