Critical severity9.8NVD Advisory· Published Jun 27, 2023· Updated Jun 17, 2026
CVE-2023-2601
CVE-2023-2601
Description
The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <2.0.0
Patches
Vulnerability mechanics
References
2- packetstormsecurity.com/files/173732/WordPress-WP-Brutal-AI-Cross-Site-Request-Forgery-SQL-Injection.htmlnvdExploitThird Party AdvisoryVDB Entry
- wpscan.com/vulnerability/57769468-3802-4985-bf5e-44ec1d59f5fdnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.