CVE-2023-6373 Information

Description

The ArtPlacer Widget WordPress plugin before 2.20.7 does not sanitize and escape the \id\ parameter before submitting the query leading to a SQLI exploitable by editors and above. Note: Due to the lack of CSRF check the issue could also be exploited via a CSRF against a logged editor (or above)

Reference

https://wpscan.com/vulnerability/afc11c92-a7c5-4e55-8f34-f2235438bd1b/