CVSS 3.1 Score 4.4 of 10 (medium)


Published Sep 5, 2023
Updated: Nov 7, 2023


CVE-2023-4636 is a vulnerability in the WordPress File Sharing Plugin for WordPress versions up to and including 2.0.3. This vulnerability allows authenticated attackers with administrator-level permissions or higher to inject arbitrary web scripts via admin settings, due to insufficient input sanitization and output escaping. The injection of these scripts can lead to the execution of malicious code whenever a user accesses an injected page. However, this vulnerability only affects multi-site installations and installations where unfiltered_html has been disabled. It has a base severity rating of MEDIUM with low impact on integrity and confidentiality, no user interaction required, and a high attack complexity. The vulnerability has a CVSS score of 4.4 out of 10 and can pose potential dangers to organizations using the affected versions of the plugin by allowing attackers to compromise the security and functionality of their WordPress websites. It is recommended that affected organizations upgrade to a patched version or apply any available security patches as soon as possible to mitigate the risk.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-4636 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options