CVE-2023-28748
Summary
A critical SQL injection vulnerability (CVE-2023-28748) has been identified in the Copy or Move Comments plugin for WordPress. The flaw stems from improper neutralization of special elements in SQL commands, allowing attackers to inject malicious SQL code. The vulnerability affects versions up to and including 5.0.4.
IFF Assessment
FOE
This vulnerability allows attackers to exploit a common web application weakness, SQL injection, which can lead to data theft or unauthorized access.
Severity
9.8
Critical
Defender Context
Defenders should prioritize patching or updating the Copy or Move Comments plugin to the latest secure version to mitigate this critical SQL injection risk. Monitoring web server logs for suspicious SQL query patterns can also help detect potential exploitation attempts.
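The log monitoring suggested above can be sketched as follows. This is an added example, not code from the plugin or the advisory. The `/wp-admin/` path filter, the pattern list and the sample log lines are assumptions constructed for illustration, since the advisory does not name the vulnerable endpoint or parameter.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Combined log format: ip - - [time] "METHOD target HTTP/x.y" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Heuristic SQL injection indicators (assumed rule set; tune per site).
SQLI_RE = re.compile(
    r"\bunion\b.{0,40}\bselect\b|\bselect\b.{0,60}\bfrom\b"
    r"|\bsleep\s*\(|\bbenchmark\s*\(|\binformation_schema\b"
    r"|'\s*(?:or|and)\b|\bor\b\s+\d+\s*=\s*\d+|--\s|/\*",
    re.IGNORECASE | re.DOTALL,
)

def decode(value, rounds=2):
    """Undo up to `rounds` extra layers of percent-encoding."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines, path_prefix="/wp-admin/"):
    """Return (ip, path, parameter, decoded value) for flagged requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, _method, target, _status = m.groups()
        parts = urlsplit(target)
        if not parts.path.startswith(path_prefix):
            continue  # assumed scope: WordPress admin requests only
        # parse_qsl decodes once; decode() catches double-encoded input.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            value = decode(value)
            if SQLI_RE.search(value):
                hits.append((ip, parts.path, name, value))
    return hits

# Constructed sample lines (documentation IP range, made-up parameters).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Apr/2023:10:01:02 +0000] "GET /wp-admin/admin.php?page=example&id=12 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Apr/2023:10:01:05 +0000] "GET /wp-admin/admin.php?page=example&id=1%20UNION%20SELECT%201,2 HTTP/1.1" 200 640',
    '203.0.113.9 - - [10/Apr/2023:10:01:09 +0000] "GET /wp-admin/admin.php?page=example&id=1%2527%2520OR%25201%253D1 HTTP/1.1" 200 640',
    '203.0.113.8 - - [10/Apr/2023:10:02:00 +0000] "GET /?s=select+a+plan+from+us HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the query string, so input sent in a POST body will not appear here and needs WAF or application-level logging to be seen.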