{"id":22369,"date":"2025-04-12T22:59:36","date_gmt":"2025-04-12T22:59:36","guid":{"rendered":""},"modified":"2025-04-24T12:03:16","modified_gmt":"2025-04-24T12:03:16","slug":"cve-2023-6373-sql-injection-vulnerability-in-artplacer-widget-wordpress-plugin","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2023-6373-sql-injection-vulnerability-in-artplacer-widget-wordpress-plugin\/","title":{"rendered":"CVE-2023-6373: SQL Injection Vulnerability in ArtPlacer Widget WordPress Plugin<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

In the realm of cybersecurity, one vulnerability that has recently come to light is the CVE-2023-6373, a significant security flaw found in the ArtPlacer Widget WordPress plugin. This vulnerability affects all versions of this plugin prior to 2.20.7. The issue lies in the plugin’s inability to sanitize and escape the “id” parameter before querying, making it prone to a SQL Injection<\/a> (SQLI) exploit. This is particularly concerning for website owners and developers using WordPress and the ArtPlacer Widget plugin, as a successful exploit can potentially compromise the entire system or lead<\/a> to data leakage.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2023-6373
\nSeverity: High (CVSS: 8.8)
\nAttack Vector: Network
\nPrivileges Required: Low (exploitable by editors and above)
\nUser Interaction: Required
\nImpact: Potential system<\/a> compromise or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n