CVE-2023-2113

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published May 30, 2023

Updated: Jan 10, 2025

CWE ID 125

Summary

CVE-2023-2113 is a vulnerability affecting the Autoptimize WordPress plugin before version 3.1.7. This issue allows high privileged users, including administrators, to inject arbitrary JavaScript into the admin panel. The settings imported from a previous export are not properly sanitized and escaped, enabling this attack even when the unfiltered_html capability is disabled. This vulnerability poses a significant risk in multisite setups, allowing unauthorized JavaScript injection, which could lead to data theft or unauthorized system access.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rPMPPi
https://www.cve.org/CVERecord?id=CVE-2023-2113
https://nvd.nist.gov/vuln/detail/CVE-2023-2113

Back to Vulnerability Database