cleantalk
Vulnerabilities and Security Researches

WC Fields Factory, CVE-2023-0277

CVE, Research URL

CVE-2023-0277

Home page URL

Security reports for WC Fields Factory

Application

WC Fields Factory

Published on
Apr 17, 2023
Research Description
The WC Fields Factory WordPress plugin through 4.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Affected versions
Min -, max 4.1.7.
Status
vulnerable
Previous vulnerability researches
WC Fields Factory (CVE-2023-0277) , Jun 07, 2024
WC Fields Factory (6cc027737736ffa5a4ad7d18f7aacab3368b4dae) , Jun 07, 2024
New vulnerability
YITH WooCommerce Wishlist (CVE-2025-5238) , Jun 14, 2025
Print Invoice & Delivery Notes for WooCommerce (CVE-2025-49239) , Jun 14, 2025
Customize Add to Cart Button Text for WooCommerce (CVE-2025-48254) , Jun 14, 2025
Volunteer Sign Up Sheets (CVE-2025-3704) , Jun 14, 2025
WP Table Builder – WordPress Table Plugin (CVE-2025-49286) , Jun 14, 2025