High severity · 8.8 · NVD Advisory · Published Jan 16, 2024 · Updated Jun 17, 2026
CVE-2023-6373
Description
The ArtPlacer Widget WordPress plugin before 2.20.7 does not sanitize and escape the "id" parameter before submitting the query, leading to a SQL injection exploitable by editors and above. Note: because there is no CSRF check, the issue could also be exploited via a CSRF attack against a logged-in editor (or above).
Affected products
- WordPress/ArtPlacer Widget WordPress plugin
- Range: <2.20.7
References
- wpscan.com/vulnerability/afc11c92-a7c5-4e55-8f34-f2235438bd1b/ (nvd: Exploit, Third Party Advisory)