CVSS 3.1 Score 5.4 of 10 (medium)


Published Sep 12, 2023
Updated: Nov 7, 2023


CVE-2023-4890 is a vulnerability in the JQuery Accordion Menu Widget for WordPress plugin. This vulnerability affects versions up to and including 3.1.2 of the plugin. The vulnerability allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts into pages using the 'dcwp-jquery-accordion' shortcode. These scripts will execute whenever a user accesses an injected page. The vulnerability is categorized as CWE-79, which refers to improper neutralization of input during web page generation (cross-site scripting). The base severity of this vulnerability is rated as medium, with a base score of 5.4 out of 10. Remediation for this vulnerability involves updating the affected plugin to a version that includes proper input sanitization and output escaping to prevent stored cross-site scripting attacks. Organizations using the vulnerable plugin should take immediate action to mitigate the potential danger it poses to their websites and users.
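For sites that cannot update right away, the following added example (not code from the plugin or from this advisory) audits stored post content for uses of the 'dcwp-jquery-accordion' shortcode whose attribute values contain anything beyond plain setting characters. The attribute names, the allow-list and the sample rows are constructed assumptions; in practice the rows would come from an export of the `ID` and `post_content` columns of `wp_posts`.

```python
import re

SHORTCODE = "dcwp-jquery-accordion"  # shortcode named in the advisory

# [dcwp-jquery-accordion ...]; group 1 is the raw attribute string (may be absent).
TAG_RE = re.compile(r"\[" + re.escape(SHORTCODE) + r"(\s[^\]]*)?\]", re.I)
# name="value", name='value' or name=value
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'\]]+))""")
# Assumption: a legitimate widget setting needs only these characters.
SAFE_VALUE = re.compile(r"[\w \-.,#%]*")


def parse_attrs(raw):
    """Return {name: value} for every attribute in a shortcode's attribute string."""
    attrs = {}
    for m in ATTR_RE.finditer(raw or ""):
        # Exactly one of the three value groups is set for each match.
        attrs[m.group(1).lower()] = next(g for g in m.groups()[1:] if g is not None)
    return attrs


def audit_posts(posts):
    """Return (post ID, attribute, value) for each value outside the allow-list."""
    findings = []
    for post in posts:
        for tag in TAG_RE.finditer(post["post_content"]):
            for name, value in parse_attrs(tag.group(1)).items():
                if not SAFE_VALUE.fullmatch(value):
                    findings.append((post["ID"], name, value))
    return findings


# Constructed sample rows; "id" and "skin" are hypothetical attribute names.
SAMPLE_POSTS = [
    {"ID": 101, "post_content": 'Menu: [dcwp-jquery-accordion id="12" skin="blue"]'},
    {"ID": 102, "post_content": "[dcwp-jquery-accordion id=\"3\" skin='grey\"><i>test</i>']"},
    {"ID": 103, "post_content": '[gallery ids="1,2"] no accordion here'},
]

if __name__ == "__main__":
    for post_id, name, value in audit_posts(SAMPLE_POSTS):
        print(f"post {post_id}: attribute {name!r} has unexpected value {value!r}")
```

A finding is a prompt to review the post and its author's role, not proof of injection; the durable fix remains the plugin update described above.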

