CVE-2023-46823

Published Nov 6, 2023

Last updated a year ago

Overview

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection.This issue affects ImageLinks Interactive Image Builder for WordPress: from n/a through 1.5.4.
Source: audit@patchstack.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.2
Impact score: 5.9
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

audit@patchstack.com: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:avirtum:imagelinks:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DDFE397F-F43C-4361-A4A5-964D7A2CA7EF",
            "versionEndIncluding": "1.5.4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References