Unrated severityNVD Advisory· Published Apr 17, 2023· Updated Feb 6, 2025
WC Fields Factory <= 4.1.5 - ShopManager+ SQLi
CVE-2023-0277
Description
The WC Fields Factory WordPress plugin through 4.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/WC Fields Factorydescription
- Range: <=4.1.5
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- wpscan.com/vulnerability/69ffb2f1-b291-49bf-80a8-08d03ceca53bmitreexploitvdb-entrytechnical-description
- bulletin.iese.de/post/wc-fields-factory_1-4-5mitre
News mentions
0No linked articles in our index yet.