CVE-2023-5761 — AI Deep Analysis Summary

🚨 **Essence**: SQL Injection (SQLi) in WordPress Plugin Burst Statistics. <br>💥 **Consequences**: Attackers can steal, modify, or delete database data. Full site compromise is possible due to high CVSS score.

🛡️ **Root Cause**: Insufficient escaping of user-supplied parameters. <br>🔍 **CWE**: Not explicitly listed, but classic **SQL Injection** flaw. Input validation failed.

📦 **Affected**: WordPress Plugin **Burst Statistics**. <br>📅 **Versions**: **1.4.0** through **1.4.6.1**. <br>👤 **Vendor**: rogierlankhorst.

🕵️ **Attacker Actions**: Execute arbitrary SQL commands. <br>🔓 **Impact**: High Confidentiality, Integrity, and Availability loss. Can access sensitive user data or admin credentials.

⚡ **Threshold**: **LOW**. <br>📊 **CVSS**: AV:N/AC:L/PR:N/UI:N. <br>🚫 **No Auth Required**: Exploitable remotely without login. Easy to exploit.

🧪 **Public Exploit**: No specific PoC listed in data. <br>🌐 **References**: WordFence and Trac links provided. Likely exploitable given 'AC:L' and 'PR:N'.

🔍 **Self-Check**: Scan for **Burst Statistics** plugin version. <br>📋 **Verify**: Check if version is between **1.4.0** and **1.4.6.1**. <br>🛠️ **Tools**: Use WordPress security scanners or manual version check.

✅ **Fixed**: Yes. <br>📝 **Patch**: Update to version **1.4.6.2** or later (implied by range end). <br>🔗 **Source**: WordPress Trac changeset provided.

🚧 **No Patch Workaround**: Disable the plugin immediately. <br>🔒 **Mitigation**: Remove plugin if not needed. <br>🛡️ **WAF**: Use Web Application Firewall to block SQLi patterns.

🔥 **Urgency**: **CRITICAL**. <br>🚨 **Priority**: Patch immediately. <br>📉 **Risk**: High CVSS score + No Auth needed = High likelihood of automated exploitation.