Wp Visitor Statistics - SQLi (CVE-2023-0600)
9Exploiting IPs reported
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.
CrowdSec analysis
CVE-2023-0600 is a critical vulnerability in the WP Visitor Statistics (Real Time Traffic) WordPress plugin that allows unauthenticated users to perform SQL Injection attacks due to improper handling of user input.
CrowdSec has been tracking this vulnerability and its exploits since 14th of May 2024.
CrowdSec network data shows that most actors exploiting CVE-2023-0600 rely on broad, untargeted scans with minimal filtering. The activity is largely automated and opportunistic in nature. Telemetry from the CrowdSec network also shows that exploitation activity for CVE-2023-0600 remains steady week-over-week. Attack volumes are consistent with long-term trends, indicating sustained interest from threat actors. CVE-2023-0600 continues to be an active part of the threat landscape and will likely remain this way for the forseeable future.
Exploitation attempts typically involve tailored queries targeting endpoints associated with this plugin.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Common Weakness Enumeration (CWE)
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.