WordPress Plugin Vulnerabilities

Colibri Page Builder < 1.0.229 - Admin+ SQL Injection

Description

The plugin does not properly sanitise and escape the post_id parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

Affects Plugins

Plugin icon
colibri-page-builder
Fixed in 1.0.229

References

CVE
CVE-2023-2188

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
4.1 (medium)

Miscellaneous

Original Researcher
Marco Wotschka
Verified
No
WPVDB ID
1b0baf4c-f751-4b56-94ab-2264fe502040

Timeline

Publicly Published
2023-06-22 (about 2 years ago)
Added
2023-08-31 (about 2 years ago)
Last Updated
2023-08-31 (about 2 years ago)

Other

Published
Title
Published
2023-02-27
Title
WP Meta SEO < 4.5.3 - Subscriber+ SQLi
Published
2020-07-09
Title
Travel Booking < 2.8.4 - Unauthenticated SQL Injection
Published
2014-03-17
Title
WordPress 1.0-3.8.1 - Authenticated Admin Blind SQL Injection
Published
2025-03-24
Title
Web Directory Free < 1.7.7 - Unauthenticated SQL Injection
Published
2021-02-08
Title
Pricing Table by Supsystic < 1.8.9 - Authenticated SQL Injections