{"id":51200,"date":"2025-06-12T05:31:24","date_gmt":"2025-06-12T05:31:24","guid":{"rendered":""},"modified":"2025-07-10T23:24:27","modified_gmt":"2025-07-11T05:24:27","slug":"cve-2023-2921-critical-sql-injection-vulnerability-in-short-url-wordpress-plugin","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2023-2921-critical-sql-injection-vulnerability-in-short-url-wordpress-plugin\/","title":{"rendered":"CVE-2023-2921: Critical SQL Injection Vulnerability in Short URL WordPress Plugin<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

In the realm of cybersecurity, the most critical vulnerabilities are those that allow an attacker to manipulate or extract data from the system. One such vulnerability has been identified in the Short URL WordPress plugin versions up to 1.6.8. This widely-used plugin is now revealed to contain a severe SQL injection vulnerability<\/a>, which has been assigned the identifier CVE-2023-2921. This vulnerability can potentially allow a user with relatively low privilege<\/a>, such as a subscriber, to compromise the system or leak crucial data.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2023-2921
\nSeverity: Critical (8.8 CVSS score)
\nAttack Vector: Network
\nPrivileges Required: Low (Subscriber-level)
\nUser Interaction: Required
\nImpact: System compromise or data<\/a> leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n