WordPress Plugin Vulnerabilities

WP TopBar <= 5.36 - Admin+ SQLi

Description

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

Affects Plugins

Plugin icon
wp-topbar
No known fix

References

CVE
CVE-2023-23824

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
cf1493e4-471c-40cb-a8ab-f211ff444a6b

Timeline

Publicly Published
2023-01-19 (about 3 years ago)
Added
2023-01-23 (about 3 years ago)
Last Updated
2023-01-23 (about 3 years ago)

Other

Published
Title
Published
2024-11-25
Title
Security & Malware scan by CleanTalk < 2.145.1 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated SQL Injection
Published
2024-12-17
Title
Collapsing Categories < 3.0.9 - Unauthenticated SQL Injection
Published
2025-03-27
Title
Advanced Google reCAPTCHA < 1.30 - Authenticated (Subscriber+) Limited SQL Injection via 'sSearch' Parameter
Published
2014-08-01
Title
Mingle Forum 1.0.33.3 - wpf.class.php Multiple Parameter SQL Injection
Published
2025-10-14
Title
Wp tabber widget <= 4.0 - Authenticated (Contributor+) SQL Injection