{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-2921", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2023-05-26T19:48:42.220Z", "datePublished": "2025-06-06T06:00:05.014Z", "dateUpdated": "2025-06-09T19:45:35.897Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2025-06-06T06:00:05.014Z"}, "title": "Short URL <= 1.6.8 - Subscriber+ SQLi", "problemTypes": [{"descriptions": [{"description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Short URL", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThanOrEqual": "1.6.8"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "The Short URL WordPress plugin through 1.6.8 does not properly sanitise and escape a parameter before using it in SQL statement, leading to a SQL injection exploitable by users with relatively low privilege on the site, like subscribers."}], "references": [{"url": "https://wpscan.com/vulnerability/0f85db4f-8493-4941-8f3c-e5258c581bdc/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Dao Xuan Hieu", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"references": [{"url": "https://wpscan.com/vulnerability/0f85db4f-8493-4941-8f3c-e5258c581bdc/", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-06-09T19:45:18.628901Z", "id": "CVE-2023-2921", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-09T19:45:35.897Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-2921", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-09T19:45:18.628901Z"}}}], "references": [{"url": "https://wpscan.com/vulnerability/0f85db4f-8493-4941-8f3c-e5258c581bdc/", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-09T19:26:40.426Z"}}], "cna": {"title": "Short URL <= 1.6.8 - Subscriber+ SQLi", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Dao Xuan Hieu"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "Short URL", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.6.8"}], "defaultStatus": "affected"}], "references": [{"url": "https://wpscan.com/vulnerability/0f85db4f-8493-4941-8f3c-e5258c581bdc/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The Short URL WordPress plugin through 1.6.8 does not properly sanitise and escape a parameter before using it in SQL statement, leading to a SQL injection exploitable by users with relatively low privilege on the site, like subscribers."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-89 SQL Injection"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2025-06-06T06:00:05.014Z"}}}, "cveMetadata": {"cveId": "CVE-2023-2921", "state": "PUBLISHED", "dateUpdated": "2025-06-09T19:45:35.897Z", "dateReserved": "2023-05-26T19:48:42.220Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2025-06-06T06:00:05.014Z", "assignerShortName": "WPScan"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kaizencoders:short_url:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "0884698E-F4C6-4877-9B0C-021DB7C8A624", "versionEndExcluding": "1.6.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Short URL WordPress plugin through 1.6.8 does not properly sanitise and escape a parameter before using it in SQL statement, leading to a SQL injection exploitable by users with relatively low privilege on the site, like subscribers."}, {"lang": "es", "value": "El complemento Short URL de WordPress hasta la versi\u00f3n 1.6.8 no depura ni escapa adecuadamente un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que genera una inyecci\u00f3n SQL explotable por usuarios con privilegios relativamente bajos en el sitio, como los suscriptores."}], "id": "CVE-2023-2921", "lastModified": "2025-06-10T19:31:20.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-06-06T06:15:30.597", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/0f85db4f-8493-4941-8f3c-e5258c581bdc/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/0f85db4f-8493-4941-8f3c-e5258c581bdc/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}