CVE-2023-4636

Summary

CVE-2023-4636 is a vulnerability in the WordPress File Sharing Plugin for WordPress versions up to and including 2.0.3. This vulnerability allows authenticated attackers with administrator-level permissions or higher to inject arbitrary web scripts via admin settings, due to insufficient input sanitization and output escaping. The injection of these scripts can lead to the execution of malicious code whenever a user accesses an injected page. However, this vulnerability only affects multi-site installations and installations where unfiltered_html has been disabled. It has a base severity rating of MEDIUM with low impact on integrity and confidentiality, no user interaction required, and a high attack complexity. The vulnerability has a CVSS score of 4.4 out of 10 and can pose potential dangers to organizations using the affected versions of the plugin by allowing attackers to compromise the security and functionality of their WordPress websites. It is recommended that affected organizations upgrade to a patched version or apply any available security patches as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.