CVE-2023-1020

Name of the Vulnerable Software and Affected Versions The Steveas WP Live Chat Shoutbox WordPress plugin versions 1.4.2 and earlier

Description The issue is related to a SQL injection vulnerability. It occurs because a parameter is not properly sanitised and escaped before being used in a SQL statement via an AJAX action. This action is available to unauthenticated users, making it accessible to remote attackers. The exploitation of this issue can allow an attacker to execute arbitrary SQL code.

Recommendations For versions 1.4.2 and earlier, update to a version that addresses this SQL injection issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.