PT-2023-16012 · WordPress · Simple Urls

Dc11 · Published 2023-02-13 · Updated 2023-02-21 · CVE-2023-0098

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Simple URLs WordPress plugin versions prior to 115

Description
The issue is a SQL injection. The plugin does not properly escape certain parameters before using them in SQL statements executed by its AJAX actions. These actions are accessible to any authenticated user, so the SQL injection is exploitable by low-privilege users such as subscribers.

Recommendations
For versions prior to 115, update to version 115 or later to resolve the SQL injection issue. As a temporary workaround, consider restricting access to the AJAX actions to higher-privileged users until the update can be applied.
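The following is an added illustration, not code from the Simple URLs plugin, showing how a WordPress AJAX handler applies both measures the advisory names: a capability check so low-privilege users cannot reach the action, and parameter binding through `$wpdb->prepare()` so request values never reach the SQL string unescaped. The action name, nonce name and parameter names are hypothetical placeholders.

```php
<?php
// Added example (not the Simple URLs plugin's code). Action, nonce and
// parameter names below are hypothetical placeholders.

add_action( 'wp_ajax_example_lookup', 'example_lookup_handler' );

function example_lookup_handler() {
    global $wpdb;

    // Workaround from the advisory: restrict the AJAX action to privileged
    // users. Subscribers lack 'manage_options', so they are refused before
    // any query is built.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Bind the request to a nonce issued to the logged-in user (CSRF check).
    check_ajax_referer( 'example_lookup_nonce', 'nonce' );

    // Validate the incoming parameters before they reach the database layer.
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $orderby = isset( $_POST['orderby'] ) ? sanitize_key( $_POST['orderby'] ) : 'ID';

    // Identifiers (column names) cannot be bound with prepare(), so they are
    // restricted to an allow-list instead of being interpolated as received.
    $allowed_orderby = array( 'ID', 'post_title', 'post_date' );
    if ( ! in_array( $orderby, $allowed_orderby, true ) ) {
        $orderby = 'ID';
    }

    // The weakness the advisory describes is interpolating request values
    // straight into the statement, e.g. "... WHERE ID = {$_POST['post_id']}".
    // Here every value goes through a %d/%s placeholder that $wpdb->prepare()
    // escapes and quotes; only the allow-listed column name is interpolated.
    $sql = $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts}
         WHERE ID = %d AND post_status = %s
         ORDER BY {$orderby}",
        $post_id,
        'publish'
    );

    $rows = $wpdb->get_results( $sql, ARRAY_A );
    wp_send_json_success( $rows );
}
```

Hooking the handler only on `wp_ajax_` (and not `wp_ajax_nopriv_`) keeps it off the unauthenticated path, and the capability check closes the low-privilege path the advisory describes.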

Related Identifiers

CVE-2023-0098

Affected Products

Simple Urls