CVE-2023-5203

Name of the Vulnerable Software and Affected Versions WP Sessions Time Monitoring Full Automatic WordPress plugin version 1.0.8 and earlier

Description The issue is related to the lack of sanitization of the request URL or query parameters before using them in an SQL query. This allows unauthenticated attackers to extract sensitive data from the database via blind time-based SQL injection techniques or, in some cases, an error/union-based technique.

Recommendations For WP Sessions Time Monitoring Full Automatic WordPress plugin version 1.0.8 and earlier, update to version 1.0.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's SQL queries until a patch is applied. Avoid using the plugin with untrusted input until the issue is resolved.