Cyber Resilience

CVE-2023-0900

High · Public PoC

Published: 05 June 2023
Modified: 08 January 2025
KEV Added:
Patch:
CVSS Score v3.1: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0637 (91.2th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-0900 is a high-severity vulnerability of an unspecified weakness type in Wpdevart Pricing Table Builder. Its CVSS base score is 7.2 (High).

Operationally, it ranks in the top 8.8% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

The Pricing Table Builder WordPress plugin through version 1.1.6 contains a SQL injection vulnerability caused by insufficient sanitization and escaping of a parameter before it is used in a SQL statement. The flaw affects any site running the plugin and carries a CVSS 3.1 score of 7.2, reflecting network-accessible exploitation with high impact on confidentiality, integrity, and availability.

An authenticated administrator or other high-privilege user can supply a crafted input that alters the generated SQL query, allowing arbitrary data extraction or modification within the WordPress database. Because the attack requires administrative credentials and no user interaction, it is primarily a post-compromise or insider-threat vector rather than a remote unauthenticated issue.

Public references published by WPScan document the vulnerability and provide technical details for detection and verification. No official patch information is supplied in the available references, so site owners should verify the current plugin version and apply updates from the vendor when released.

EPSS scores have remained low and stable near 0.06 with no material increase after disclosure.

EU & UK References

Vulnerability details

The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.

CWE(s)
None listed

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

wpdevart · pricing table builder · ≤ 1.1.6

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References