[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":4,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":11,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":17,"vulnerability-2533":24},[],["Island",5],{"key":6,"params":7,"result":9},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":8},"{}",{"head":10},{},["Island",12],{"key":13,"params":14,"result":15},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":8},{"head":16},{},["Island",18],{"key":19,"params":20,"result":22},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":21},"{\"text-color\":\"gray\"}",{"head":23},{},{"id":25,"detectable_with":26,"vuln_details":33,"vuln_id":50,"name":51,"published":52,"updated":34},2533,{"tool":27,"engine":30},{"id":28,"name":29},1,"Network Scanner",{"id":31,"name":32},2,"Nuclei",{"id":25,"codename":34,"description":34,"severity":35,"risk_description":36,"public_description":37,"public_recommendation":38,"recommendation":34,"references":39,"cvssv3":43,"epss_score":44,"epss_percentile":45,"cve":46,"in_cisa_catalog":48,"date":49,"software_type":34,"vendor":34,"product":34,"ptt_exploit_capabilities":34},null,"critical","Unauthenticated attackers can execute SQL injection through AJAX actions to extract the complete WordPress database including chat logs and user credentials.","The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.","Update to the latest version of the Steveas WP Live Chat Shoutbox plugin (1.4.2) or apply the vendor-provided patch to fix the SQL Injection vulnerability.",[40,41,42],"https://wpscan.com/vulnerability/4e5aa9a3-65a0-47d6-bc26-a2fb6cb073ff","https://wordpress.org/plugins/wp-shoutbox-live-chat/","https://nvd.nist.gov/vuln/detail/CVE-2023-1020",9.8,0.82249,0.99212,[47],"CVE-2023-1020",false,"2023-04-24T00:00:00Z","NETSCAN-NUCLEI-CVE-CVE-2023-1020","Steveas WP Live Chat Shoutbox \u003C= 1.4.2 - SQL Injection","2023-07-04T00:00:00Z"]