Cyber Resilience

CVE-2023-0234

High · Public PoC

Published: 06 February 2023

Modified: 25 March 2025
KEV Added:
Patch:
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0667 (91.4th percentile)
Risk Priority: 22 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-0234 is a high-severity vulnerability, with no weakness class specified, in SiteGround's SiteGround Security plugin. Its CVSS base score is 8.8 (High).

Operationally, it is ranked in the top 8.6% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

The SiteGround Security WordPress plugin before version 1.3.1 contains an authenticated SQL injection vulnerability caused by insufficient sanitization of user input prior to its use in SQL queries. The flaw affects any WordPress installation running the vulnerable plugin and carries a CVSS 3.1 score of 8.8, reflecting network attack vector, low complexity, and low required privileges.

An authenticated attacker with low-privileged access can supply crafted input that alters the intended SQL query, enabling extraction or modification of database contents and potentially leading to full compromise of confidentiality, integrity, and availability on the affected site.

The provided references point to WPScan vulnerability entries and SiteGround’s responsible disclosure policy, which together indicate that the issue was addressed by releasing version 1.3.1; administrators should apply the update to eliminate the injection vector. The EPSS score rose from lower values after disclosure to a peak of 0.1620 on 2026-02-03 before receding to the current 0.0667, indicating a period of increased exploitation interest that later subsided.

Vulnerability details

The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue.

CWE(s)
None listed

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

siteground
siteground security
≤ 1.3.1

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References