Security for everyone

CVE-2023-0900 Scanner

Detects the 'SQL Injection' vulnerability in AP Pricing Tables Lite, which affects versions <= 1.1.6.


Short Info

Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Domain, IPv4
Toolbox: -

AP Pricing Tables Lite is a WordPress plugin developed by WPDevArt, designed to allow WordPress site administrators to easily create and manage pricing tables. This plugin is widely used by businesses and individual site owners to display pricing information for products, services, or packages in an organized and aesthetically pleasing manner. Its user-friendly interface and customizable design options make it a popular choice for enhancing the user experience and providing clear pricing information on websites.

The vulnerability detected in AP Pricing Tables Lite up to version 1.1.6 is a SQL Injection (SQLi), a critical security issue that allows attackers to execute arbitrary SQL commands through the plugin. This flaw is specifically exploitable by users with administrative privileges, such as site admins, due to improper sanitization and escaping of parameters before incorporating them into SQL queries.

This SQL Injection vulnerability arises from the plugin's mishandling of certain parameters that are used in SQL statements without proper validation or sanitization. As a result, an attacker with administrative access can manipulate SQL queries to perform actions such as accessing sensitive data, modifying database contents, or even dropping tables. The issue is triggered via specific actions within the plugin's administrative interface, highlighting the importance of strict input validation and parameter sanitization in web applications.

Exploiting this vulnerability could lead to unauthorized access to sensitive information stored in the WordPress site's database, including user credentials, personal data, and website configuration details. Additionally, attackers could manipulate or delete data, leading to website dysfunction, loss of data integrity, and potentially complete control of the affected site.

By becoming a member of the securityforeveryone platform, you gain access to our state-of-the-art Cyber Threat Exposure Management service, which includes the detection of vulnerabilities like the SQL Injection in AP Pricing Tables Lite. Our platform uses advanced scanning techniques and proprietary software to identify and report security weaknesses, providing you with the knowledge and tools necessary to secure your digital assets effectively. Join us to enhance your cybersecurity posture and protect your website from potential threats.

 
