CVE-2023-5041
Published: Jan 17, 2024
Modified: Jun 17, 2025
PUBLISHED
Description
The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged-in user with an author role or higher to perform time-based blind SQL injection attacks on the database.
| Vendor | Product | Versions |
|---|---|---|
| Unknown | Track The Click | affected 0 - < 0.3.12 |
References
https://wpscan.com/vulnerability/45194442-6eea-4e07-85a5-4a1e2fde3523 (exploit, vdb-entry, technical-description)