CVE-2023-1730
SupportCandy < 3.1.5 - Unauthenticated SQLiThe SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks
We have discovered 368 live websites that are affected by CVE-2023-1730.
Affected Software
| Product |  Supportcandy |
| Category | Wordpress Plugins |
| Vulnerable Domains | 368 live websites (18% of Supportcandy install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 25 versions ( 48% of all versions) |
Common Weakness Enumeration
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')Details
- Published - May 2, 2023
- Updated - Jan 30, 2025
Credits
- dc11 (finder)
- WPScan (coordinator)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2023-1730 United States | 85 websites |
 Italy | 41 websites |
 Germany | 29 websites |
 Iran | 24 websites |
 Russia | 20 websites |
 GB | 18 websites |
 Brazil | 16 websites |
 France | 16 websites |
 Spain | 11 websites |
 Australia | 9 websites |
Website Distribution by TLD
Number of websites using CVE-2023-1730| .com | 134 websites |
| .it | 31 websites |
| .ru | 18 websites |
| .com.br | 17 websites |
| .net | 11 websites |
| .org | 10 websites |
| .de | 8 websites |
| .pl | 6 websites |
| .com.au | 5 websites |
| .eu | 5 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-1730
Top websites that are affected by CVE-2023-1730. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.app |  Bulgaria | **,*** | |
| ****************.com | GB | **,*** | |
| ********.pt | United States | **,*** | |
| *****.sv |  El Salvador | ***,*** | |
| *****************.com | United States | ***,*** | |
| ***********.com | United States | ***,*** | |
| *********.com | United States | ***,*** | |
| *********.de | Germany | ***,*** | |
| ************.***.au | Australia | ***,*** | |
| ************.com | United States | ***,*** |
FAQ
CVE-2023-1730 is Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Supportcandy
A total of 368 websites have been identified as vulnerable to CVE-2023-1730, based on global website indexing conducted by WebTechSurvey.
The Supportcandy is affected by the CVE-2023-1730 vulnerability.
Supportcandy versions up to 3.1.5 are vulnerable to CVE-2023-1730.
CVE-2023-1730 is resolved in version 3.1.5 of Supportcandy.